package org.gridgain.internal.processors.security;

import org.apache.ignite.IgniteAuthenticationException;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteClientDisconnectedCheckedException;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.plugin.PluginConfiguration;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.WithSystemProperty;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.gridgain.grid.security.passcode.PasscodeAuthenticator;
import org.junit.Ignore;
import org.junit.Test;

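/**
 * Checks how authentication and authorization behave when the only server node is stopped and
 * started again with a different ACL, and when a second server tries to join with an ACL that
 * differs from the one the running server was configured with.
 *
 * <p>Server nodes get a {@link PasscodeAuthenticator} backed by the current {@link #authProvider};
 * client nodes only carry credentials. All credentials below are fixed test fixtures whose
 * password equals the login.
 *
 * <p>NOTE(review): the two tests that exercise a permission change for an already-connected
 * client are disabled (GG-24738). While they stay disabled, nothing in this class verifies that
 * a permission added or revoked during a server restart is applied to a client that reconnects.
 */
@WithSystemProperty(key = "IGNITE_SECURITY_PROCESSOR", value = "true")
/* loaded from: input_file:org/gridgain/internal/processors/security/ReconnectSecurityTest.class */
public class ReconnectSecurityTest extends GridCommonAbstractTest {
    /** Credentials used by every server node. */
    private static final SecurityCredentials SERVER_CRED = new SecurityCredentials("server", "server");

    /** Credentials of the first client. */
    private static final SecurityCredentials CLIENT_1_CRED = new SecurityCredentials("client1", "client1");

    /** Credentials of the second client. */
    private static final SecurityCredentials CLIENT_2_CRED = new SecurityCredentials("client2", "client2");

    /** Name of the cache that servers create and the tests write to. */
    private static final String CACHE_NAME = "default";

    /** ACL provider handed to the authenticator of every server configuration built after it is assigned. */
    private TestAuthenticationAclProvider authProvider = new TestAuthenticationAclProvider();

    /**
     * Builds a node configuration with the GridGain security plugin.
     *
     * @param igniteInstanceName Node name.
     * @param creds Credentials the node presents.
     * @param client {@code true} for a client node (credentials only), {@code false} for a server node
     *      (authenticator bound to the current {@link #authProvider} plus the test cache).
     * @return Node configuration.
     * @throws Exception If the base configuration cannot be created.
     */
    private IgniteConfiguration getConfiguration(String igniteInstanceName, SecurityCredentials creds, boolean client)
        throws Exception {
        IgniteConfiguration cfg = super.getConfiguration(igniteInstanceName);

        // Declared with the concrete type: the setters used below are not part of PluginConfiguration.
        GridGainConfiguration ggCfg = new GridGainConfiguration();

        ggCfg.setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(creds));

        if (!client) {
            PasscodeAuthenticator authenticator = new PasscodeAuthenticator();

            // The provider instance is captured here, so reassigning the field later
            // does not affect nodes that are already configured.
            authenticator.setAclProvider(authProvider);

            ggCfg.setAuthenticator(authenticator);
            cfg.setCacheConfiguration(getCacheConfigurations());
        }

        cfg.setClientMode(client);
        cfg.setPluginConfigurations(ggCfg);

        return cfg;
    }

    /**
     * @return Configuration of the single test cache with {@code Integer} keys and values.
     */
    private CacheConfiguration[] getCacheConfigurations() {
        CacheConfiguration<Integer, Integer> ccfg = new CacheConfiguration<Integer, Integer>()
            .setName(CACHE_NAME)
            .setIndexedTypes(Integer.class, Integer.class);

        return new CacheConfiguration[] {ccfg};
    }

    /**
     * @return New ACL provider that knows only {@link #SERVER_CRED}, granted
     *      {@code CACHE_CREATE} and {@code JOIN_AS_SERVER}.
     */
    private static TestAuthenticationAclProvider serverOnlyAclProvider() {
        return new TestAuthenticationAclProvider(SERVER_CRED, SecurityPermissionSetBuilder.create()
            .appendSystemPermissions(SecurityPermission.CACHE_CREATE, SecurityPermission.JOIN_AS_SERVER)
            .build());
    }

    /** Stops every node started by the test. */
    @Override
    protected void afterTest() throws Exception {
        stopAllGrids();
    }

    /**
     * A client whose credentials are absent from the ACL is rejected with
     * {@link IgniteAuthenticationException}; once the credentials are added and the server is
     * restarted, the same client starts successfully.
     */
    @Test
    public void testAddNewCredAfterRestart() throws Exception {
        authProvider = serverOnlyAclProvider();
        authProvider.addPerms(CLIENT_1_CRED, SecurityPermissionSetBuilder.create().build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        startClient("client1", CLIENT_1_CRED).cache(CACHE_NAME);

        // Block lambda with an explicit return keeps the value-returning overload selected.
        GridTestUtils.assertThrowsWithCause(() -> {
            return startClient("client2", CLIENT_2_CRED);
        }, IgniteAuthenticationException.class);

        stopGrid("server1");

        authProvider.addPerms(CLIENT_2_CRED, SecurityPermissionSetBuilder.create().build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        startClient("client2", CLIENT_2_CRED);
    }

    /**
     * A connected client without {@code CACHE_PUT} is denied the write; after the server restarts
     * with an ACL that grants {@code CACHE_PUT} on the cache, the same client instance is expected
     * to write successfully. Disabled, see the linked ticket.
     */
    @Test
    @Ignore("https://ggsystems.atlassian.net/browse/GG-24738")
    public void testAddNewPermissionAfterRestart() throws Exception {
        authProvider = serverOnlyAclProvider();
        authProvider.addPerms(CLIENT_1_CRED, SecurityPermissionSetBuilder.create().defaultAllowAll(false).build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        IgniteEx client = startClient("client1", CLIENT_1_CRED);

        GridTestUtils.assertThrowsWithCause(() -> {
            client.cache(CACHE_NAME).put(1, 1);
        }, SecurityException.class);

        stopGrid("server1");

        authProvider.addPerms(CLIENT_1_CRED, SecurityPermissionSetBuilder.create()
            .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT)
            .build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        client.cache(CACHE_NAME).put(1, 1);
    }

    /**
     * A connected client holding {@code CACHE_PUT} writes successfully; after the server restarts
     * with an ACL that no longer grants it, the same client instance is expected to be denied with
     * {@link SecurityException}. Disabled, see the linked ticket.
     */
    @Test
    @Ignore("https://ggsystems.atlassian.net/browse/GG-24738")
    public void testRemoveExistPermissionAfterRestart() throws Exception {
        authProvider = serverOnlyAclProvider();
        authProvider.addPerms(CLIENT_1_CRED, SecurityPermissionSetBuilder.create()
            .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT)
            .defaultAllowAll(false)
            .build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        IgniteEx client = startClient("client1", CLIENT_1_CRED);

        client.cache(CACHE_NAME).put(1, 1);

        stopGrid("server1");

        // Replace the client's permission set with one that grants nothing.
        authProvider.addPerms(CLIENT_1_CRED, SecurityPermissionSetBuilder.create().defaultAllowAll(false).build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        GridTestUtils.assertThrowsWithCause(() -> {
            client.cache(CACHE_NAME).put(1, 1);
        }, SecurityException.class);
    }

    /**
     * After the server restarts with an ACL that no longer contains the client's credentials,
     * an operation on the previously connected client must fail with
     * {@link IgniteClientDisconnectedCheckedException} as a cause.
     */
    @Test
    public void testClientCanNotReJoinIfServerChangeCred() throws Exception {
        authProvider = serverOnlyAclProvider();
        authProvider.addPerms(CLIENT_1_CRED, SecurityPermissionSetBuilder.create()
            .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_PUT)
            .defaultAllowAll(false)
            .build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        IgniteEx client = startClient("client1", CLIENT_1_CRED);

        client.cache(CACHE_NAME).put(1, 1);

        stopGrid("server1");

        // Fresh ACL without CLIENT_1_CRED.
        authProvider = serverOnlyAclProvider();

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        GridTestUtils.assertThrowsWithCause(() -> {
            client.cache(CACHE_NAME).put(1, 1);
        }, IgniteClientDisconnectedCheckedException.class);
    }

    /**
     * A second server whose ACL grants the shared server credentials an additional cache
     * permission must fail to start with {@link IgniteCheckedException} as a cause.
     */
    @Test
    public void testServerWithDifferentPermissionPerCredCanNotConnectToCluster() throws Exception {
        authProvider = serverOnlyAclProvider();

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        // Same credentials, but with CACHE_READ on the test cache added for the second server only.
        authProvider = new TestAuthenticationAclProvider(SERVER_CRED, SecurityPermissionSetBuilder.create()
            .appendCachePermissions(CACHE_NAME, SecurityPermission.CACHE_READ)
            .appendSystemPermissions(SecurityPermission.CACHE_CREATE, SecurityPermission.JOIN_AS_SERVER)
            .build());

        GridTestUtils.assertThrowsWithCause(() -> {
            return startGrid(getConfiguration("server2", SERVER_CRED, false));
        }, IgniteCheckedException.class);
    }

    /**
     * A second server whose ACL lists the same login with a different password must fail to
     * start with {@link IgniteCheckedException} as a cause.
     */
    @Test
    public void testServerWithDifferentCredCanNotConnectToCluster() throws Exception {
        authProvider = serverOnlyAclProvider();
        authProvider.addPerms(new SecurityCredentials("client", "password1"), SecurityPermissionSetBuilder.create().build());

        startGrid(getConfiguration("server1", SERVER_CRED, false));

        authProvider = serverOnlyAclProvider();
        authProvider.addPerms(new SecurityCredentials("client", "password2"), SecurityPermissionSetBuilder.create().build());

        GridTestUtils.assertThrowsWithCause(() -> {
            return startGrid(getConfiguration("server2", SERVER_CRED, false));
        }, IgniteCheckedException.class);
    }

    /**
     * Starts a client node.
     *
     * @param igniteInstanceName Node name.
     * @param creds Credentials the client presents.
     * @return Started client node.
     * @throws Exception If the node fails to start.
     */
    private IgniteEx startClient(String igniteInstanceName, SecurityCredentials creds) throws Exception {
        return startGrid(getConfiguration(igniteInstanceName, creds, true));
    }
}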
