package org.gridgain.grid.authentication.jaas;

import java.io.File;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.security.auth.login.Configuration;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.plugin.security.SecuritySubjectType;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.gridgain.grid.security.jaas.JaasAuthenticator;
import org.gridgain.grid.security.jaas.JaasBasicPermissionsProvider;
import org.junit.Test;

/* loaded from: input_file:org/gridgain/grid/authentication/jaas/JaasAuthenticatorGroupsSelfTest.class */
public class JaasAuthenticatorGroupsSelfTest extends GridCommonAbstractTest {
    private static final String LOGIN_CONTEXT_NAME = "GridJaasLoginContext-" + UUID.randomUUID().toString();

    protected void beforeTestsStarted() throws Exception {
        File createTempFile = File.createTempFile("login-module", ".properties");
        U.writeStringToFile(createTempFile, LOGIN_CONTEXT_NAME + " {" + GridJaasLoginModuleSample.class.getCanonicalName() + " OPTIONAL groupName=group-1;" + GridJaasLoginModuleSample.class.getCanonicalName() + " OPTIONAL groupName=group-2;};");
        System.setProperty("java.security.auth.login.config", createTempFile.getAbsolutePath());
        Configuration.setConfiguration((Configuration) null);
    }

    protected void afterTestsStopped() throws Exception {
        System.clearProperty("java.security.auth.login.config");
    }

    @Test
    public void testNoGroup() throws Exception {
        assertNull(authenticate("gridgain", "gridgain"));
    }

    @Test
    public void testGroup1() throws Exception {
        SecuritySubject authenticate = authenticate("group-user-1", "group-user-1");
        assertNotNull(authenticate);
        Map cachePermissions = authenticate.permissions().cachePermissions();
        assertNotNull(cachePermissions);
        assertEquals(2, cachePermissions.size());
        Collection collection = (Collection) cachePermissions.get("cache-1");
        assertNotNull(collection);
        assertEquals(1, collection.size());
        assertTrue(collection.contains(SecurityPermission.CACHE_READ));
        Collection collection2 = (Collection) cachePermissions.get("cache-2");
        assertNotNull(collection2);
        assertEquals(1, collection2.size());
        assertTrue(collection2.contains(SecurityPermission.CACHE_READ));
    }

    @Test
    public void testGroup2() throws Exception {
        SecuritySubject authenticate = authenticate("group-user-2", "group-user-2");
        assertNotNull(authenticate);
        Map cachePermissions = authenticate.permissions().cachePermissions();
        assertNotNull(cachePermissions);
        assertEquals(2, cachePermissions.size());
        Collection collection = (Collection) cachePermissions.get("cache-2");
        assertNotNull(collection);
        assertEquals(2, collection.size());
        assertTrue(collection.contains(SecurityPermission.CACHE_READ));
        assertTrue(collection.contains(SecurityPermission.CACHE_PUT));
        Collection collection2 = (Collection) cachePermissions.get("cache-3");
        assertNotNull(collection2);
        assertEquals(1, collection2.size());
        assertTrue(collection2.contains(SecurityPermission.CACHE_READ));
    }

    @Test
    public void testBothGroups() throws Exception {
        SecuritySubject authenticate = authenticate("group-user-12", "group-user-12");
        assertNotNull(authenticate);
        Map cachePermissions = authenticate.permissions().cachePermissions();
        assertNotNull(cachePermissions);
        assertEquals(3, cachePermissions.size());
        Collection collection = (Collection) cachePermissions.get("cache-1");
        assertNotNull(collection);
        assertEquals(1, collection.size());
        assertTrue(collection.contains(SecurityPermission.CACHE_READ));
        Collection collection2 = (Collection) cachePermissions.get("cache-2");
        assertNotNull(collection2);
        assertEquals(2, collection2.size());
        assertTrue(collection2.contains(SecurityPermission.CACHE_READ));
        assertTrue(collection2.contains(SecurityPermission.CACHE_PUT));
        Collection collection3 = (Collection) cachePermissions.get("cache-3");
        assertNotNull(collection3);
        assertEquals(1, collection3.size());
        assertTrue(collection3.contains(SecurityPermission.CACHE_READ));
    }

    private SecuritySubject authenticate(String str, String str2) throws IgniteCheckedException {
        JaasAuthenticator jaasAuthenticator = new JaasAuthenticator();
        jaasAuthenticator.setLoginContextName(LOGIN_CONTEXT_NAME);
        HashMap hashMap = new HashMap();
        hashMap.put("group-1", new SecurityPermissionSetBuilder().appendCachePermissions("cache-1", new SecurityPermission[]{SecurityPermission.CACHE_READ}).appendCachePermissions("cache-2", new SecurityPermission[]{SecurityPermission.CACHE_READ}).build());
        hashMap.put("group-2", new SecurityPermissionSetBuilder().appendCachePermissions("cache-2", new SecurityPermission[]{SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT}).appendCachePermissions("cache-3", new SecurityPermission[]{SecurityPermission.CACHE_READ}).build());
        jaasAuthenticator.setPermissionsProvider(new JaasBasicPermissionsProvider(hashMap));
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.subjectType(SecuritySubjectType.REMOTE_NODE);
        authenticationContext.subjectId(UUID.randomUUID());
        authenticationContext.credentials(new SecurityCredentials(str, str2));
        return jaasAuthenticator.authenticate(authenticationContext);
    }
}
