package org.gridgain.plugin.security;

import java.util.concurrent.Callable;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.plugin.PluginConfiguration;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.services.Service;
import org.apache.ignite.services.ServiceConfiguration;
import org.apache.ignite.services.ServiceContext;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider;
import org.gridgain.grid.security.passcode.PasscodeAuthenticator;
import org.junit.Test;

/* loaded from: input_file:org/gridgain/plugin/security/SecurityServicePermissionsTest.class */
public class SecurityServicePermissionsTest extends GridCommonAbstractTest {
    private static final String DEPLOY_SRVC_NAME_TPL = "deploy";
    private static final String DEPLOY_SRVC_NAME = "service-deploy";
    private static final String DEPLOY_SRVC_NAME_CFG = "cfg-service-deploy";
    private static final String ALLOW_DEPLOY_SRVC_NAME_CFG = "allow-service-deploy";
    private static final String CANCEL_SRVC_NAME_TPL = "cancel";
    private static final String CANCEL_SRVC_NAME = "service-cancel";
    private static final String INVOKE_SRVC_NAME_TPL = "invoke";
    private static final String INVOKE_SRVC_NAME = "service-invoke";
    public static final String CACHE_NAME = "cache";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gridgain/plugin/security/SecurityServicePermissionsTest$TestService.class */
    public interface TestService extends Service {
        void invoke();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gridgain/plugin/security/SecurityServicePermissionsTest$TestServiceImpl.class */
    public static class TestServiceImpl implements TestService {
        private TestServiceImpl() {
        }

        @Override // org.gridgain.plugin.security.SecurityServicePermissionsTest.TestService
        public void invoke() {
        }

        public void cancel(ServiceContext serviceContext) {
        }

        public void init(ServiceContext serviceContext) throws Exception {
        }

        public void execute(ServiceContext serviceContext) throws Exception {
        }
    }

    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        IgniteConfiguration configuration = super.getConfiguration(str);
        SecurityCredentials securityCredentials = new SecurityCredentials("login", "password");
        PasscodeAuthenticator passcodeAuthenticator = new PasscodeAuthenticator();
        passcodeAuthenticator.setAclProvider(new AuthenticationAclBasicProvider(F.asMap(securityCredentials, "{defaultAllow:false, {service:'deploy*', permissions:[SERVICE_INVOKE, SERVICE_CANCEL]}, {service:'cancel*', permissions:[SERVICE_INVOKE, SERVICE_DEPLOY]}, {service:'invoke*', permissions:[SERVICE_DEPLOY, SERVICE_CANCEL]}, {service:'service-deploy', permissions:[SERVICE_INVOKE, SERVICE_CANCEL]}, {service:'service-cancel', permissions:[SERVICE_INVOKE, SERVICE_DEPLOY]}, {service:'service-invoke', permissions:[SERVICE_DEPLOY, SERVICE_CANCEL]}, {service:'cfg-service-deploy', permissions:[SERVICE_INVOKE, SERVICE_CANCEL]}, {service:'allow-service-deploy', permissions:[SERVICE_INVOKE, SERVICE_CANCEL, SERVICE_DEPLOY]}, {system:[ADMIN_OPS,CACHE_CREATE,JOIN_AS_SERVER]}}")));
        PluginConfiguration gridGainConfiguration = new GridGainConfiguration();
        gridGainConfiguration.setAuthenticator(passcodeAuthenticator);
        gridGainConfiguration.setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials));
        configuration.setPluginConfigurations(new PluginConfiguration[]{gridGainConfiguration});
        configuration.setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration(CACHE_NAME)});
        if (str.contains("cfg") || str.contains("allow")) {
            ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
            serviceConfiguration.setName(str.contains("cfg") ? DEPLOY_SRVC_NAME_CFG : ALLOW_DEPLOY_SRVC_NAME_CFG);
            serviceConfiguration.setMaxPerNodeCount(1);
            serviceConfiguration.setService(new TestServiceImpl());
            configuration.setServiceConfiguration(new ServiceConfiguration[]{serviceConfiguration});
        }
        return configuration;
    }

    protected void beforeTestsStarted() throws Exception {
        startGrids(2);
    }

    protected void afterTestsStopped() throws Exception {
        stopAllGrids();
    }

    @Test
    public void testDeploy() throws Exception {
        checkDeploy(DEPLOY_SRVC_NAME_TPL);
        checkDeploy(DEPLOY_SRVC_NAME);
    }

    private void checkDeploy(String str) {
        IgniteEx grid = grid(0);
        GridTestUtils.assertThrowsWithCause(() -> {
            grid.services().deployNodeSingleton(str, new TestServiceImpl());
            return null;
        }, SecurityException.class);
        GridTestUtils.assertThrowsWithCause(() -> {
            grid.services().deployClusterSingleton(str, new TestServiceImpl());
            return null;
        }, SecurityException.class);
        GridTestUtils.assertThrowsWithCause(() -> {
            grid.services().deployMultiple(str, new TestServiceImpl(), 2, 2);
            return null;
        }, SecurityException.class);
        GridTestUtils.assertThrowsWithCause(() -> {
            grid.services().deployKeyAffinitySingleton(str, new TestServiceImpl(), CACHE_NAME, 1);
            return null;
        }, SecurityException.class);
        GridTestUtils.assertThrowsWithCause(() -> {
            ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
            serviceConfiguration.setName(str);
            serviceConfiguration.setMaxPerNodeCount(1);
            serviceConfiguration.setService(new TestServiceImpl());
            grid.services().deploy(serviceConfiguration);
            return null;
        }, SecurityException.class);
    }

    @Test
    public void testInvoke() throws Exception {
        checkInvoke(INVOKE_SRVC_NAME_TPL);
        checkInvoke(INVOKE_SRVC_NAME);
    }

    private void checkInvoke(final String str) {
        final IgniteEx grid = grid(0);
        grid.services().deployNodeSingleton(str, new TestServiceImpl());
        GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.gridgain.plugin.security.SecurityServicePermissionsTest.1
            @Override // java.util.concurrent.Callable
            public Object call() throws Exception {
                SecurityServicePermissionsTest.fail("Service should not be able to retrieve");
                return null;
            }
        }, SecurityException.class, (String) null);
        GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.gridgain.plugin.security.SecurityServicePermissionsTest.2
            @Override // java.util.concurrent.Callable
            public Object call() throws Exception {
                SecurityServicePermissionsTest.fail("Service should not be able to retrieve");
                return null;
            }
        }, SecurityException.class, (String) null);
        grid.services().cancel(str);
    }

    @Test
    public void testCancel() throws Exception {
        checkCancel(CANCEL_SRVC_NAME_TPL);
        checkCancel(CANCEL_SRVC_NAME);
    }

    private void checkCancel(final String str) throws Exception {
        final IgniteEx grid = grid(0);
        grid.services(grid.cluster().forLocal()).deployNodeSingleton(str, new TestServiceImpl());
        ((TestService) grid.services().service(str)).invoke();
        assertTrue(GridTestUtils.waitForCondition(() -> {
            try {
                return !F.isEmpty(grid(1).context().service().serviceTopology(str, getTestTimeout()));
            } catch (IgniteCheckedException e) {
                throw new IgniteException(e);
            }
        }, getTestTimeout()));
        ((TestService) grid(1).services().serviceProxy(str, TestService.class, false)).invoke();
        GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.gridgain.plugin.security.SecurityServicePermissionsTest.3
            @Override // java.util.concurrent.Callable
            public Object call() throws Exception {
                grid.services().cancel(str);
                SecurityServicePermissionsTest.fail("Cancel forbidden");
                return null;
            }
        }, SecurityException.class, (String) null);
        GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.gridgain.plugin.security.SecurityServicePermissionsTest.4
            @Override // java.util.concurrent.Callable
            public Object call() throws Exception {
                grid.services().cancelAll();
                SecurityServicePermissionsTest.fail("Cancel forbidden");
                return null;
            }
        }, SecurityException.class, (String) null);
    }

    @Test
    public void testConfigurationDeploy() throws Exception {
        GridTestUtils.assertThrowsWithCause(() -> {
            startGrid("deploy-cfg");
            fail("Node cannot be started with undeployable service");
            return null;
        }, SecurityException.class);
        startGrid("deploy-allow");
        stopGrid("deploy-allow");
    }
}
