package org.gridgain.grid.authentication.jaas;

import com.google.common.collect.Lists;
import java.io.File;
import java.util.Collection;
import java.util.UUID;
import javax.security.auth.login.Configuration;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.plugin.security.AuthenticationContext;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.plugin.security.SecuritySubject;
import org.apache.ignite.plugin.security.SecuritySubjectType;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.gridgain.grid.security.jaas.JaasAuthenticator;
import org.gridgain.grid.security.jaas.JaasBasicPermissionsProvider;
import org.gridgain.plugin.security.SecurityServicePermissionsTest;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;

/* loaded from: input_file:org/gridgain/grid/authentication/jaas/JaasAuthenticatorSelfTest.class */
public class JaasAuthenticatorSelfTest extends GridCommonAbstractTest {
    private static final String LOGIN_CONTEXT_NAME;
    static final /* synthetic */ boolean $assertionsDisabled;

    protected void beforeTestsStarted() throws Exception {
        File createTempFile = File.createTempFile("login-module", ".properties");
        U.writeStringToFile(createTempFile, LOGIN_CONTEXT_NAME + " {" + GridJaasLoginModuleSample.class.getCanonicalName() + " REQUIRED;};");
        System.setProperty("java.security.auth.login.config", createTempFile.getAbsolutePath());
        Configuration.setConfiguration((Configuration) null);
    }

    protected void afterTestsStopped() throws Exception {
        System.clearProperty("java.security.auth.login.config");
    }

    @Test
    public void testAuthentication() throws Exception {
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.subjectId(UUID.randomUUID());
        SecurityCredentials[] securityCredentialsArr = {new SecurityCredentials("gridgain", "gridgain")};
        SecurityCredentials[] securityCredentialsArr2 = {null, new SecurityCredentials("", (String) null), new SecurityCredentials("", ""), new SecurityCredentials("gridgain", ""), new SecurityCredentials("", "gridgain")};
        JaasAuthenticator jaasAuthenticator = new JaasAuthenticator();
        jaasAuthenticator.setLoginContextName(LOGIN_CONTEXT_NAME);
        for (SecuritySubjectType securitySubjectType : SecuritySubjectType.values()) {
            authenticationContext.subjectType(securitySubjectType);
            for (SecurityCredentials securityCredentials : securityCredentialsArr) {
                authenticationContext.credentials(securityCredentials);
                assertNotNull(jaasAuthenticator.authenticate(authenticationContext));
            }
            for (SecurityCredentials securityCredentials2 : securityCredentialsArr2) {
                authenticationContext.credentials(securityCredentials2);
                assertNull(jaasAuthenticator.authenticate(authenticationContext));
            }
        }
    }

    @Test
    public void testCustomPermissionProvider() throws Exception {
        JaasBasicPermissionsProvider jaasBasicPermissionsProvider = new JaasBasicPermissionsProvider(F.asMap("gridgain", new SecurityPermissionSetBuilder().appendCachePermissions(SecurityServicePermissionsTest.CACHE_NAME, new SecurityPermission[]{SecurityPermission.CACHE_PUT, SecurityPermission.CACHE_READ, SecurityPermission.CACHE_REMOVE}).appendTaskPermissions("task", new SecurityPermission[]{SecurityPermission.TASK_EXECUTE, SecurityPermission.TASK_CANCEL}).appendServicePermissions("service", new SecurityPermission[]{SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE, SecurityPermission.SERVICE_CANCEL}).appendTracingPermissions(new SecurityPermission[]{SecurityPermission.TRACING_CONFIGURATION_UPDATE}).appendSystemPermissions(new SecurityPermission[]{SecurityPermission.ADMIN_VIEW}).build()));
        JaasAuthenticator jaasAuthenticator = new JaasAuthenticator();
        jaasAuthenticator.setLoginContextName(LOGIN_CONTEXT_NAME);
        jaasAuthenticator.setPermissionsProvider(jaasBasicPermissionsProvider);
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.subjectId(UUID.randomUUID());
        authenticationContext.credentials(new SecurityCredentials("gridgain", "gridgain"));
        SecurityPermissionSet permissions = jaasAuthenticator.authenticate(authenticationContext).permissions();
        if (!$assertionsDisabled && permissions == null) {
            throw new AssertionError();
        }
        assertFalse(permissions.defaultAllowAll());
        if (!$assertionsDisabled && permissions.cachePermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.taskPermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.servicePermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.tracingPermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.systemPermissions() == null) {
            throw new AssertionError();
        }
        assertEquals(1, permissions.cachePermissions().size());
        assertEquals(1, permissions.taskPermissions().size());
        assertEquals(1, permissions.servicePermissions().size());
        Collection collection = (Collection) permissions.cachePermissions().get(SecurityServicePermissionsTest.CACHE_NAME);
        Collection collection2 = (Collection) permissions.taskPermissions().get("task");
        Collection collection3 = (Collection) permissions.servicePermissions().get("service");
        Collection tracingPermissions = permissions.tracingPermissions();
        Collection systemPermissions = permissions.systemPermissions();
        assertEquals(3, collection.size());
        assertEquals(2, collection2.size());
        assertEquals(3, collection3.size());
        assertEquals(1, tracingPermissions.size());
        assertEquals(1, systemPermissions.size());
        assertTrue(collection.containsAll(Lists.newArrayList(new SecurityPermission[]{SecurityPermission.CACHE_PUT, SecurityPermission.CACHE_REMOVE, SecurityPermission.CACHE_READ})));
        assertTrue(collection2.containsAll(Lists.newArrayList(new SecurityPermission[]{SecurityPermission.TASK_EXECUTE, SecurityPermission.TASK_CANCEL})));
        assertTrue(collection3.containsAll(Lists.newArrayList(new SecurityPermission[]{SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE, SecurityPermission.SERVICE_CANCEL})));
        assertTrue(systemPermissions.contains(SecurityPermission.ADMIN_VIEW));
        assertTrue(tracingPermissions.contains(SecurityPermission.TRACING_CONFIGURATION_UPDATE));
    }

    @Test
    public void testSpringPermissionConfig() throws Exception {
        JaasAuthenticator jaasAuthenticator = (JaasAuthenticator) new ClassPathXmlApplicationContext("spring-jaasauth-permission-config.xml").getBean("jaasAuth", JaasAuthenticator.class);
        jaasAuthenticator.setLoginContextName(LOGIN_CONTEXT_NAME);
        AuthenticationContext authenticationContext = new AuthenticationContext();
        authenticationContext.subjectId(UUID.randomUUID());
        authenticationContext.credentials(new SecurityCredentials("gridgain", "gridgain"));
        SecuritySubject authenticate = jaasAuthenticator.authenticate(authenticationContext);
        if (!$assertionsDisabled && authenticate == null) {
            throw new AssertionError();
        }
        SecurityPermissionSet permissions = authenticate.permissions();
        if (!$assertionsDisabled && permissions == null) {
            throw new AssertionError();
        }
        assertFalse(permissions.defaultAllowAll());
        if (!$assertionsDisabled && permissions.cachePermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.taskPermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.tracingPermissions() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && permissions.systemPermissions() == null) {
            throw new AssertionError();
        }
        assertEquals(2, permissions.cachePermissions().size());
        assertEquals(2, permissions.taskPermissions().size());
        assertEquals(3, permissions.servicePermissions().size());
        assertEquals(1, permissions.tracingPermissions().size());
        assertEquals(1, permissions.systemPermissions().size());
        Collection collection = (Collection) permissions.cachePermissions().get("cache1");
        Collection collection2 = (Collection) permissions.cachePermissions().get("cache2");
        Collection collection3 = (Collection) permissions.taskPermissions().get("task1");
        Collection collection4 = (Collection) permissions.taskPermissions().get("task2");
        Collection collection5 = (Collection) permissions.servicePermissions().get("service1");
        Collection collection6 = (Collection) permissions.servicePermissions().get("service2");
        Collection collection7 = (Collection) permissions.servicePermissions().get("service3");
        Collection tracingPermissions = permissions.tracingPermissions();
        Collection systemPermissions = permissions.systemPermissions();
        assertEquals(1, collection.size());
        assertEquals(1, collection2.size());
        assertEquals(1, collection3.size());
        assertEquals(1, collection4.size());
        assertEquals(1, collection5.size());
        assertEquals(1, collection6.size());
        assertEquals(1, collection7.size());
        assertTrue(collection.contains(SecurityPermission.CACHE_READ));
        assertTrue(collection2.contains(SecurityPermission.CACHE_REMOVE));
        assertTrue(collection3.contains(SecurityPermission.TASK_EXECUTE));
        assertTrue(collection4.contains(SecurityPermission.TASK_CANCEL));
        assertTrue(collection5.contains(SecurityPermission.SERVICE_DEPLOY));
        assertTrue(collection6.contains(SecurityPermission.SERVICE_INVOKE));
        assertTrue(collection7.contains(SecurityPermission.SERVICE_CANCEL));
        assertTrue(systemPermissions.contains(SecurityPermission.ADMIN_VIEW));
        assertTrue(tracingPermissions.contains(SecurityPermission.TRACING_CONFIGURATION_UPDATE));
    }

    static {
        $assertionsDisabled = !JaasAuthenticatorSelfTest.class.desiredAssertionStatus();
        LOGIN_CONTEXT_NAME = "GridJaasLoginContext-" + UUID.randomUUID().toString();
    }
}
