package org.apache.ignite.jdbc.thin;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.concurrent.Callable;
import javax.cache.configuration.Factory;
import javax.net.ssl.SSLContext;
import org.apache.ignite.configuration.ClientConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.binary.BinaryMarshaller;
import org.apache.ignite.internal.processors.security.impl.TestAdditionalSecurityPluginProvider;
import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.plugin.PluginProvider;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.ssl.SslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;

/* loaded from: input_file:org/apache/ignite/jdbc/thin/JdbcThinConnectionAdditionalSecurityTest.class */
public class JdbcThinConnectionAdditionalSecurityTest extends JdbcThinAbstractSelfTest {
    private static final String CLI_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/client.jks";
    private static final String SRV_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/server.jks";
    private static final String TRUST_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/trust-one.jks";
    private static Factory<SSLContext> sslCtxFactory;
    private static boolean setSslCtxFactoryToCli;
    private static boolean setSslCtxFactoryToIgnite;

    protected IgniteConfiguration getConfiguration(String str) throws Exception {
        IgniteConfiguration configuration = super.getConfiguration(str);
        configuration.setMarshaller(new BinaryMarshaller());
        configuration.setPluginProviders(new PluginProvider[]{new TestAdditionalSecurityPluginProvider("srv_" + str, (String) null, SecurityPermissionSetBuilder.ALLOW_ALL, false, true, clientData())});
        configuration.setClientConnectorConfiguration(new ClientConnectorConfiguration().setSslEnabled(true).setUseIgniteSslContextFactory(setSslCtxFactoryToIgnite).setSslClientAuth(true).setSslContextFactory(setSslCtxFactoryToCli ? sslCtxFactory : null));
        configuration.setSslContextFactory(setSslCtxFactoryToIgnite ? sslCtxFactory : null);
        return configuration;
    }

    protected TestSecurityData[] clientData() {
        return new TestSecurityData[]{new TestSecurityData("client", "pwd", SecurityPermissionSetBuilder.create().defaultAllowAll(false).appendSystemPermissions(new SecurityPermission[]{SecurityPermission.ADMIN_OPS}).build())};
    }

    @Test
    public void testConnection() throws Exception {
        setSslCtxFactoryToCli = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&user=client_admin_oper&password=pwd&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456&userAttributesFactory=org.apache.ignite.internal.processors.security.UserAttributesFactory");
            Throwable th = null;
            try {
                checkConnection(connection);
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } finally {
            }
        } finally {
            stopAllGrids();
        }
    }

    @Test
    public void testConnectionNoClientVersion() throws Exception {
        setSslCtxFactoryToIgnite = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionAdditionalSecurityTest.1
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&user=client_admin_oper&password=pwd&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionAdditionalSecurityTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionAdditionalSecurityTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456");
                    return null;
                }
            }, SQLException.class, "Client version is not found.");
        } finally {
            stopAllGrids();
        }
    }

    @Test
    public void testConnectionWrongLogin() throws Exception {
        setSslCtxFactoryToIgnite = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionAdditionalSecurityTest.2
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&user=server&password=pwd&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionAdditionalSecurityTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionAdditionalSecurityTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456&userAttributesFactory=org.apache.ignite.internal.processors.security.UserAttributesFactory");
                    return null;
                }
            }, SQLException.class, "User isn't allowed to use client");
        } finally {
            stopAllGrids();
        }
    }

    @Test
    public void testConnectionUseIgniteFactory() throws Exception {
        setSslCtxFactoryToIgnite = true;
        sslCtxFactory = getTestSslContextFactory();
        startGrids(1);
        try {
            GridTestUtils.assertThrows(log, new Callable<Object>() { // from class: org.apache.ignite.jdbc.thin.JdbcThinConnectionAdditionalSecurityTest.3
                @Override // java.util.concurrent.Callable
                public Object call() throws Exception {
                    DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require&sslClientCertificateKeyStoreUrl=" + JdbcThinConnectionAdditionalSecurityTest.CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456&sslTrustCertificateKeyStoreUrl=" + JdbcThinConnectionAdditionalSecurityTest.TRUST_KEY_STORE_PATH + "&sslTrustCertificateKeyStorePassword=123456&userAttributesFactory=org.apache.ignite.internal.processors.security.UserAttributesFactory");
                    return null;
                }
            }, SQLException.class, "User isn't allowed to use client");
        } finally {
            stopAllGrids();
        }
    }

    public void checkConnection(Connection connection) throws SQLException {
        assertEquals("PUBLIC", connection.getSchema());
        Statement createStatement = connection.createStatement();
        Throwable th = null;
        try {
            ResultSet executeQuery = createStatement.executeQuery("SELECT 1");
            assertTrue(executeQuery.next());
            assertEquals(1, executeQuery.getInt(1));
            if (createStatement != null) {
                if (0 == 0) {
                    createStatement.close();
                    return;
                }
                try {
                    createStatement.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (createStatement != null) {
                if (0 != 0) {
                    try {
                        createStatement.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createStatement.close();
                }
            }
            throw th3;
        }
    }

    private static Factory<SSLContext> getTestSslContextFactory() {
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStoreFilePath(SRV_KEY_STORE_PATH);
        sslContextFactory.setKeyStorePassword("123456".toCharArray());
        sslContextFactory.setTrustStoreFilePath(TRUST_KEY_STORE_PATH);
        sslContextFactory.setTrustStorePassword("123456".toCharArray());
        return sslContextFactory;
    }
}
