package org.gridgain.plugin.security;

import java.util.HashMap;
import org.apache.ignite.IgniteCache;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.ClientConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.TestRecordingCommunicationSpi;
import org.apache.ignite.internal.processors.cache.IgniteInternalCache;
import org.apache.ignite.plugin.PluginConfiguration;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.WithSystemProperty;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider;
import org.gridgain.grid.security.passcode.PasscodeAuthenticator;
import org.junit.Test;

@WithSystemProperty(key = "IGNITE_SECURITY_FOR_SYS_CACHE_ENABLED", value = "true")
/* loaded from: input_file:org/gridgain/plugin/security/UtilityCachePermitionsTest.class */
public class UtilityCachePermitionsTest extends GridCommonAbstractTest {
    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        SecurityCredentials securityCredentials = new SecurityCredentials("server", "password");
        SecurityCredentials securityCredentials2 = new SecurityCredentials("client", "password");
        IgniteConfiguration communicationSpi = super.getConfiguration(str).setClientConnectorConfiguration(new ClientConnectorConfiguration()).setCommunicationSpi(new TestRecordingCommunicationSpi());
        if ("client".equals(str)) {
            communicationSpi.setClientMode(true).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials2))});
        } else {
            HashMap hashMap = new HashMap();
            hashMap.put(securityCredentials, "{defaultAllow:false,{cache:'default', permissions:[CACHE_READ]}}");
            hashMap.put(securityCredentials2, "{defaultAllow:false, {cache:'default', permissions:[CACHE_READ, CACHE_PUT]},{cache:'ignite-sys-cache', permissions:[CACHE_READ]},{task:'*',permissions:[TASK_EXECUTE]},{system:[CACHE_CREATE]}}");
            PasscodeAuthenticator passcodeAuthenticator = new PasscodeAuthenticator();
            passcodeAuthenticator.setAclProvider(new AuthenticationAclBasicProvider(hashMap));
            communicationSpi.setCacheConfiguration(new CacheConfiguration[]{new CacheConfiguration("default")}).setPluginConfigurations(new PluginConfiguration[]{new GridGainConfiguration().setAuthenticator(passcodeAuthenticator).setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials))});
        }
        return communicationSpi;
    }

    @Test
    public void testAccessToSystemCache() throws Exception {
        IgniteEx startGrid = startGrid(0);
        IgniteEx startGrid2 = startGrid("client");
        IgniteInternalCache cachex = startGrid2.cachex("ignite-sys-cache");
        IgniteInternalCache cachex2 = startGrid.cachex("ignite-sys-cache");
        IgniteCache cache = startGrid2.cache("default");
        IgniteCache cache2 = startGrid.cache("default");
        GridTestUtils.assertThrows(log, () -> {
            cachex.put(1, 1);
            return null;
        }, SecurityException.class, (String) null);
        cachex2.put(2, 2);
        cache.put(1, 1);
        GridTestUtils.assertThrows(log, () -> {
            cache2.put(2, 2);
            return null;
        }, SecurityException.class, (String) null);
        assertNull(cachex.get(1));
        assertEquals(2, cachex2.get(2));
        assertEquals(1, cache.get(1));
        assertNull(cache2.get(2));
    }
}
