package org.gridgain.grid.internal.processors.cache.database;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.SystemPropertiesList;
import org.apache.ignite.testframework.junits.WithSystemProperty;
import org.gridgain.grid.configuration.GridGainConfiguration;
import org.gridgain.grid.internal.GridPluginUtils;
import org.gridgain.grid.persistentstore.MessageDigestFactory;
import org.gridgain.grid.persistentstore.SnapshotFuture;
import org.gridgain.grid.persistentstore.SnapshotRegistryTransformer;
import org.gridgain.grid.persistentstore.SnapshotSecurityLevel;
import org.gridgain.grid.security.passcode.AuthenticationAclBasicProvider;
import org.gridgain.grid.security.passcode.PasscodeAuthenticator;
import org.junit.Test;

@SystemPropertiesList({@WithSystemProperty(key = "GG_SNAPSHOT_SECURITY_FEATURE", value = "true"), @WithSystemProperty(key = "IGNITE_DISTRIBUTED_META_STORAGE_FEATURE", value = "true")})
/* loaded from: input_file:org/gridgain/grid/internal/processors/cache/database/SnapshotSecurityLevelSetupTest.class */
public class SnapshotSecurityLevelSetupTest extends AbstractSnapshotTest {
    private static final String DIST_CONF_PREFIX = "distrConf-";
    private static final String LEVEL_KEY = "distrConf-snapshotSecurityLevel";
    private static final String[] CREDS;
    private static MessageDigestFactory TEST_DIGEST_FACTORY;
    private static SnapshotRegistryTransformer TEST_TRANSFORMER;
    static final /* synthetic */ boolean $assertionsDisabled;

    protected void beforeTestsStarted() throws Exception {
        stopAllGrids();
        cleanSnapshotDirs();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.gridgain.grid.internal.processors.cache.database.AbstractSnapshotTest
    public void afterTestsStopped() throws Exception {
        super.afterTestsStopped();
        System.clearProperty("GG_SNAPSHOT_SECURITY_LEVEL");
    }

    protected void afterTest() throws Exception {
        stopAllGrids();
        cleanSnapshotDirs();
    }

    @Test
    @WithSystemProperty(key = "GG_SNAPSHOT_SECURITY_LEVEL", value = "bad_level")
    public void testStartFailureWithMisspelledSystemProperty() {
        GridTestUtils.assertThrows(log, () -> {
            return startGrid(0);
        }, IgniteCheckedException.class, "Failed to resolve snapshot security level using system property (are there any misspellings?).");
        GridTestUtils.assertThrows(log, () -> {
            return startGrid("client");
        }, IgniteCheckedException.class, "Failed to resolve snapshot security level using system property (are there any misspellings?).");
    }

    @Test
    public void testNoMetastorageMigrationWithUnsetProperty() throws Exception {
        assertNull(System.getProperty("GG_SNAPSHOT_SECURITY_LEVEL"));
        startGrids(2);
        IgniteEx startGrid = startGrid("client");
        grid(0).cluster().active(true);
        assertEquals(SnapshotSecurityLevel.DISABLED, getSnapshot(grid(0)).getSecurityLevel());
        assertEquals(SnapshotSecurityLevel.DISABLED, getSnapshot(grid(1)).getSecurityLevel());
        assertEquals(SnapshotSecurityLevel.DISABLED, getSnapshot(startGrid).getSecurityLevel());
        printMetastoreContent(grid(0));
        assertNull(grid(0).context().distributedMetastorage().read(LEVEL_KEY));
        assertNull(grid(1).context().distributedMetastorage().read(LEVEL_KEY));
        assertNull(startGrid.context().distributedMetastorage().read(LEVEL_KEY));
    }

    @Test
    @WithSystemProperty(key = "GG_SNAPSHOT_SECURITY_LEVEL", value = "REQUIRE")
    public void testMetastorageMigrationWithPropertySet() throws Exception {
        startGrids(2);
        grid(0).cluster().active(true);
        IgniteEx startGrid = startGrid("client");
        assertEquals(SnapshotSecurityLevel.REQUIRE, getSnapshot(grid(0)).getSecurityLevel());
        assertEquals(SnapshotSecurityLevel.REQUIRE, getSnapshot(grid(1)).getSecurityLevel());
        assertEquals(SnapshotSecurityLevel.REQUIRE, getSnapshot(startGrid).getSecurityLevel());
        printMetastoreContent(grid(0));
        assertEquals(SnapshotSecurityLevel.REQUIRE, grid(0).context().distributedMetastorage().read(LEVEL_KEY));
        assertEquals(SnapshotSecurityLevel.REQUIRE, grid(1).context().distributedMetastorage().read(LEVEL_KEY));
        assertEquals(SnapshotSecurityLevel.REQUIRE, startGrid.context().distributedMetastorage().read(LEVEL_KEY));
    }

    @Test
    public void testCreateSnapshotMismatchDigestAlgoAcrossNodes() throws Exception {
        doTestCreateSnapshotMismatchSettingsAcrossNodes(TEST_DIGEST_FACTORY, null);
    }

    @Test
    public void testCreateSnapshotMismatchTransformerAcrossNodes() throws Exception {
        doTestCreateSnapshotMismatchSettingsAcrossNodes(null, TEST_TRANSFORMER);
    }

    @Test
    public void testRestoreSnapshotMismatchDigestAlgoAcrossNode() throws Exception {
        doTestRestoreSnapshotMismatchSettingsAcrossNodes(TEST_DIGEST_FACTORY, null);
    }

    @Test
    public void testRestoreSnapshotMismatchTransformerAcrossNodes() throws Exception {
        doTestRestoreSnapshotMismatchSettingsAcrossNodes(null, TEST_TRANSFORMER);
    }

    @Test
    public void testCheckSnapshotMismatchDigestAlgoAcrossNodes() throws Exception {
        doTestCheckSnapshotMismatchSettingsAcrossNodes(TEST_DIGEST_FACTORY, null);
    }

    @Test
    public void testCheckSnapshotMismatchTransformerAcrossNodes() throws Exception {
        doTestCheckSnapshotMismatchSettingsAcrossNodes(null, TEST_TRANSFORMER);
    }

    @Test
    public void testVerifyIsCalledForEmptyVerificationCode() throws Exception {
        final AtomicInteger atomicInteger = new AtomicInteger();
        SnapshotRegistryTransformer snapshotRegistryTransformer = new SnapshotRegistryTransformer() { // from class: org.gridgain.grid.internal.processors.cache.database.SnapshotSecurityLevelSetupTest.2
            public byte[] transform(byte[] bArr) {
                return new byte[0];
            }

            public void verify(byte[] bArr, byte[] bArr2) {
                if (F.isEmpty(bArr2)) {
                    atomicInteger.incrementAndGet();
                }
            }
        };
        IgniteEx startGrid = startGrid(getConfiguration("grid1", null, snapshotRegistryTransformer));
        startGrid(getConfiguration("grid2", null, snapshotRegistryTransformer));
        startGrid.cluster().active(true);
        GridSnapshotEx snapshot = getSnapshot(startGrid);
        snapshot.updateSecurityLevel(SnapshotSecurityLevel.REQUIRE);
        SnapshotFuture createFullSnapshot = snapshot.createFullSnapshot((Set) null, (String) null);
        createFullSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
        long snapshotId = createFullSnapshot.snapshotOperation().snapshotId();
        List list = (List) snapshot.checkSnapshot(snapshotId, (Collection) null, false, (String) null).get(getTestTimeout(), TimeUnit.MILLISECONDS);
        assertNotNull(list);
        assertEquals(0, list.size());
        assertEquals(2, atomicInteger.get());
        snapshot.restoreSnapshot(snapshotId, (Set) null, (String) null).get(getTestTimeout(), TimeUnit.MILLISECONDS);
        assertEquals(5, atomicInteger.get());
    }

    @Test
    public void testDifferentTransformerName() throws Exception {
        IgniteEx startGrid = startGrid(getConfiguration("grid1", TEST_DIGEST_FACTORY, TEST_TRANSFORMER));
        startGrid(getConfiguration("grid2", TEST_DIGEST_FACTORY, new TestSnapshotRegistryTransformer("secret") { // from class: org.gridgain.grid.internal.processors.cache.database.SnapshotSecurityLevelSetupTest.3
            public String getTransformerName() {
                return "OTHER";
            }
        }));
        IgniteEx startGrid2 = startGrid("client");
        startGrid.cluster().active(true);
        GridSnapshotEx snapshot = getSnapshot(startGrid2);
        snapshot.updateSecurityLevel(SnapshotSecurityLevel.REQUIRE);
        SnapshotFuture createFullSnapshot = snapshot.createFullSnapshot((Set) null, (String) null);
        GridTestUtils.assertThrows(log, () -> {
            return (Void) createFullSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
        }, IgniteException.class, "Incompatible snapshot security settings detected on some nodes.");
    }

    @Test
    @WithSystemProperty(key = "GG_SNAPSHOT_SECURITY_LEVEL", value = "REQUIRE")
    public void testChangeSecurityLevelApiAuthorization() throws Exception {
        IgniteEx startGrid = startGrid(getConfigurationWithAuth(getTestIgniteInstanceName(0), TEST_DIGEST_FACTORY, TEST_TRANSFORMER));
        IgniteEx startGrid2 = startGrid(getConfigurationWithAuth(getTestIgniteInstanceName(1), TEST_DIGEST_FACTORY, TEST_TRANSFORMER));
        startGrid.cluster().active(true);
        assertEquals(SnapshotSecurityLevel.REQUIRE, getSnapshot(startGrid2).getSecurityLevel());
        try {
            getSnapshot(startGrid2).updateSecurityLevel(SnapshotSecurityLevel.DISABLED);
            fail("must fail with security exception.");
        } catch (SecurityException e) {
            assertTrue(e.getMessage().contains("Authorization failed"));
            assertTrue(e.getMessage().contains(SecurityPermission.CHANGE_SNAPSHOT_SECURITY_LEVEL.name()));
        }
        assertEquals(SnapshotSecurityLevel.REQUIRE, getSnapshot(startGrid2).getSecurityLevel());
        getSnapshot(startGrid).updateSecurityLevel(SnapshotSecurityLevel.DISABLED);
        assertEquals(SnapshotSecurityLevel.DISABLED, getSnapshot(startGrid2).getSecurityLevel());
    }

    private void doTestCreateSnapshotMismatchSettingsAcrossNodes(MessageDigestFactory messageDigestFactory, SnapshotRegistryTransformer snapshotRegistryTransformer) throws Exception {
        startGrid(getConfiguration("grid1", null, null));
        IgniteEx startGrid = startGrid(getConfiguration("grid2", messageDigestFactory, snapshotRegistryTransformer));
        startGrid.cluster().active(true);
        GridSnapshotEx snapshot = getSnapshot(startGrid);
        snapshot.updateSecurityLevel(SnapshotSecurityLevel.REQUIRE);
        SnapshotFuture createFullSnapshot = snapshot.createFullSnapshot((Set) null, (String) null);
        GridTestUtils.assertThrows(log, () -> {
            return (Void) createFullSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
        }, IgniteException.class, "Incompatible snapshot security settings detected on some nodes.");
    }

    private void doTestRestoreSnapshotMismatchSettingsAcrossNodes(MessageDigestFactory messageDigestFactory, SnapshotRegistryTransformer snapshotRegistryTransformer) throws Exception {
        IgniteEx startGrid = startGrid(getConfiguration("grid1", null, null));
        startGrid(getConfiguration("grid2", null, null));
        startGrid.cluster().active(true);
        GridSnapshotEx snapshot = getSnapshot(startGrid);
        snapshot.updateSecurityLevel(SnapshotSecurityLevel.REQUIRE);
        SnapshotFuture createFullSnapshot = snapshot.createFullSnapshot((Set) null, (String) null);
        createFullSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
        long snapshotId = createFullSnapshot.snapshotOperation().snapshotId();
        stopGrid("grid2");
        startGrid(getConfiguration("grid2", messageDigestFactory, snapshotRegistryTransformer));
        startGrid.cluster().active(true);
        SnapshotFuture restoreSnapshot = snapshot.restoreSnapshot(snapshotId, (Set) null, (String) null);
        GridTestUtils.assertThrows(log, () -> {
            return (Void) restoreSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
        }, IgniteException.class, "Incompatible snapshot security settings detected on some nodes.");
    }

    private void doTestCheckSnapshotMismatchSettingsAcrossNodes(MessageDigestFactory messageDigestFactory, SnapshotRegistryTransformer snapshotRegistryTransformer) throws Exception {
        IgniteEx startGrid = startGrid(getConfiguration("grid1", null, null));
        startGrid(getConfiguration("grid2", null, null));
        startGrid.cluster().active(true);
        GridSnapshotEx snapshot = getSnapshot(startGrid);
        snapshot.updateSecurityLevel(SnapshotSecurityLevel.REQUIRE);
        SnapshotFuture createFullSnapshot = snapshot.createFullSnapshot((Set) null, (String) null);
        createFullSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
        long snapshotId = createFullSnapshot.snapshotOperation().snapshotId();
        stopGrid("grid2");
        startGrid(getConfiguration("grid2", messageDigestFactory, snapshotRegistryTransformer));
        startGrid.cluster().active(true);
        SnapshotFuture checkSnapshot = snapshot.checkSnapshot(snapshotId, (Collection) null, false, (String) null);
        GridTestUtils.assertThrows(log, () -> {
            checkSnapshot.get(getTestTimeout(), TimeUnit.MILLISECONDS);
            return null;
        }, IgniteException.class, "Incompatible snapshot security settings detected on some nodes.");
    }

    private GridSnapshotEx getSnapshot(IgniteEx igniteEx) {
        GridSnapshotEx snapshot = igniteEx.plugin("GridGain").snapshot();
        if ($assertionsDisabled || snapshot != null) {
            return snapshot;
        }
        throw new AssertionError();
    }

    private IgniteConfiguration getConfiguration(String str, MessageDigestFactory messageDigestFactory, SnapshotRegistryTransformer snapshotRegistryTransformer) throws Exception {
        IgniteConfiguration configuration = getConfiguration(str);
        GridPluginUtils.gridPluginConfiguration(configuration).getSnapshotConfiguration().setMessageDigestFactory(messageDigestFactory).setRegistryTransformer(snapshotRegistryTransformer);
        return configuration;
    }

    private IgniteConfiguration getConfigurationWithAuth(String str, MessageDigestFactory messageDigestFactory, SnapshotRegistryTransformer snapshotRegistryTransformer) throws Exception {
        IgniteConfiguration configuration = getConfiguration(str, messageDigestFactory, snapshotRegistryTransformer);
        GridGainConfiguration gridPluginConfiguration = GridPluginUtils.gridPluginConfiguration(configuration);
        PasscodeAuthenticator passcodeAuthenticator = new PasscodeAuthenticator();
        SecurityCredentials securityCredentials = new SecurityCredentials(CREDS[0], CREDS[1]);
        SecurityCredentials securityCredentials2 = new SecurityCredentials(CREDS[2], CREDS[3]);
        passcodeAuthenticator.setAclProvider(new AuthenticationAclBasicProvider(F.asMap(securityCredentials, getPermissionDefinitions(securityCredentials.getLogin().toString()), securityCredentials2, getPermissionDefinitions(securityCredentials2.getLogin().toString()))));
        gridPluginConfiguration.setAuthenticator(passcodeAuthenticator);
        if (getTestIgniteInstanceName(0).equals(str)) {
            gridPluginConfiguration.setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials));
        } else {
            gridPluginConfiguration.setSecurityCredentialsProvider(new SecurityCredentialsBasicProvider(securityCredentials2));
        }
        return configuration;
    }

    private String getPermissionDefinitions(String str) {
        return "{defaultAllow:true,{cache:'*',permissions:[CACHE_READ,CACHE_PUT,CACHE_REMOVE]},{task:'*',permissions:[TASK_EXECUTE]}, {system:[JOIN_AS_SERVER,CACHE_CREATE,CACHE_DESTROY,ADMIN_CACHE,ADMIN_OPS,ADMIN_VIEW" + (CREDS[0].equals(str) ? "," + SecurityPermission.CHANGE_SNAPSHOT_SECURITY_LEVEL.name() : "") + "]}}";
    }

    private void printMetastoreContent(IgniteEx igniteEx) {
        try {
            igniteEx.context().distributedMetastorage().iterate("", (str, serializable) -> {
                System.out.println("Key = " + str + ", Value = " + serializable);
            });
        } catch (Exception e) {
            fail(e.getMessage());
        }
    }

    static {
        $assertionsDisabled = !SnapshotSecurityLevelSetupTest.class.desiredAssertionStatus();
        CREDS = new String[]{"arthur", UUID.randomUUID().toString(), "merlin", UUID.randomUUID().toString()};
        TEST_DIGEST_FACTORY = new MessageDigestFactory() { // from class: org.gridgain.grid.internal.processors.cache.database.SnapshotSecurityLevelSetupTest.1
            public String getAlgorithmCode() {
                return createDigest().getAlgorithm();
            }

            public MessageDigest createDigest() {
                try {
                    return MessageDigest.getInstance("SHA-256");
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e);
                }
            }
        };
        TEST_TRANSFORMER = new TestSnapshotRegistryTransformer("secret");
    }
}
