package org.apache.ignite.internal.processors.security.client;

import com.google.common.collect.ImmutableSet;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.function.Consumer;
import org.apache.ignite.IgniteException;
import org.apache.ignite.Ignition;
import org.apache.ignite.client.ClientAuthorizationException;
import org.apache.ignite.client.Config;
import org.apache.ignite.client.IgniteClient;
import org.apache.ignite.client.SslMode;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.ClientConfiguration;
import org.apache.ignite.configuration.ClientConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.processors.cache.IgniteMarshallerCacheSeparateDirectoryTest;
import org.apache.ignite.internal.processors.security.AbstractSecurityTest;
import org.apache.ignite.internal.processors.security.impl.TestCertificateSecurityPluginProvider;
import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
import org.apache.ignite.internal.util.lang.GridFunc;
import org.apache.ignite.internal.util.typedef.G;
import org.apache.ignite.lang.IgniteBiTuple;
import org.apache.ignite.plugin.PluginProvider;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

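/**
 * Checks that permissions are enforced for thin clients that connect over TLS with a client certificate.
 *
 * <p>The server's client connector is configured with SSL enabled and client authentication required.
 * Each thin client presents the key store named after its security data entry ({@code node01},
 * {@code node02}, {@code node03}). Every permission set is built with {@code defaultAllowAll(false)},
 * so anything not granted explicitly is expected to fail with {@link ClientAuthorizationException}.
 *
 * <p>NOTE(review): {@link TestCertificateSecurityPluginProvider} presumably maps the presented certificate
 * to the matching {@link TestSecurityData} entry; confirm against the provider. This class only covers
 * authorization after a successful handshake. Rejection of a missing or untrusted client certificate is
 * not exercised here.
 */
@RunWith(JUnit4.class)
/* loaded from: input_file:org/apache/ignite/internal/processors/security/client/ThinClientSslPermissionCheckTest.class */
public class ThinClientSslPermissionCheckTest extends AbstractSecurityTest {
    /** Client with read/put/remove permissions on {@link #CACHE} and none on {@link #FORBIDDEN_CACHE}. */
    private static final String CLIENT = "node01";

    /** Client that only holds the CACHE_CREATE and CACHE_DESTROY system permissions. */
    private static final String CLIENT_SYS_PERM = "node02";

    /** Client with CACHE_REMOVE on {@link #CACHE} plus TASK_EXECUTE for the remove-all and clear tasks. */
    private static final String CLIENT_CACHE_TASK_OPER = "node03";

    /** Cache that {@link #CLIENT} is allowed to use. */
    private static final String CACHE = "TEST_CACHE";

    /** Cache for which {@link #CLIENT} is given an empty permission list. */
    private static final String FORBIDDEN_CACHE = "FORBIDDEN_TEST_CACHE";

    /** Cache created and destroyed at runtime by the system-permission test. */
    private static final String DYNAMIC_CACHE = "DYNAMIC_TEST_CACHE";

    /** Class name of the internal task that needs TASK_EXECUTE for {@code removeAll}. */
    public static final String REMOVE_ALL_TASK = "org.apache.ignite.internal.processors.cache.distributed.GridDistributedCacheAdapter$RemoveAllTask";

    /** Class name of the internal task that needs TASK_EXECUTE for the {@code clear} operations. */
    public static final String CLEAR_TASK = "org.apache.ignite.internal.processors.cache.GridCacheAdapter$ClearTask";

    /**
     * Builds a server configuration for the next grid index.
     *
     * @param clientData Security data of the thin clients known to the security plugin.
     * @return Server node configuration.
     * @throws Exception If the base configuration cannot be created.
     */
    private IgniteConfiguration getConfiguration(TestSecurityData... clientData) throws Exception {
        return getConfiguration(G.allGrids().size(), clientData);
    }

    /**
     * Builds a server configuration with the certificate security plugin, both test caches and a
     * TLS-only client connector.
     *
     * @param idx Grid index used to derive the instance name.
     * @param clientData Security data of the thin clients known to the security plugin.
     * @return Server node configuration.
     * @throws Exception If the base configuration cannot be created.
     */
    private IgniteConfiguration getConfiguration(int idx, TestSecurityData... clientData) throws Exception {
        IgniteConfiguration cfg = getConfiguration(getTestIgniteInstanceName(idx));

        cfg.setPluginProviders(new PluginProvider[]{new TestCertificateSecurityPluginProvider(clientData)});

        // Mutual TLS: the connector requires a client certificate and uses its own SSL context
        // factory instead of the node-wide one.
        ClientConnectorConfiguration connectorCfg = new ClientConnectorConfiguration()
            .setSslEnabled(true)
            .setSslClientAuth(true)
            .setUseIgniteSslContextFactory(false)
            .setSslContextFactory(GridTestUtils.sslTrustedFactory(CLIENT, "trustboth"));

        return cfg
            .setCacheConfiguration(new CacheConfiguration[]{
                new CacheConfiguration().setName(CACHE),
                new CacheConfiguration().setName(FORBIDDEN_CACHE)})
            .setClientConnectorConfiguration(connectorCfg);
    }

    /**
     * Starts a single server node with three thin-client identities and activates the cluster.
     * All permission sets are deny-by-default.
     *
     * @throws Exception If the node fails to start.
     */
    @Override // org.apache.ignite.testframework.junits.GridAbstractTest
    public void beforeTestsStarted() throws Exception {
        TestSecurityData cacheClient = new TestSecurityData(CLIENT,
            SecurityPermissionSetBuilder.create().defaultAllowAll(false)
                .appendCachePermissions(CACHE, new SecurityPermission[]{
                    SecurityPermission.CACHE_READ, SecurityPermission.CACHE_PUT, SecurityPermission.CACHE_REMOVE})
                .appendCachePermissions(FORBIDDEN_CACHE, EMPTY_PERMS)
                .build());

        TestSecurityData sysClient = new TestSecurityData(CLIENT_SYS_PERM,
            SecurityPermissionSetBuilder.create().defaultAllowAll(false)
                .appendSystemPermissions(new SecurityPermission[]{
                    SecurityPermission.CACHE_CREATE, SecurityPermission.CACHE_DESTROY})
                .build());

        // Use the shared constants so the granted task names cannot drift from the ones declared above.
        TestSecurityData taskClient = new TestSecurityData(CLIENT_CACHE_TASK_OPER,
            SecurityPermissionSetBuilder.create().defaultAllowAll(false)
                .appendCachePermissions(CACHE, new SecurityPermission[]{SecurityPermission.CACHE_REMOVE})
                .appendTaskPermissions(REMOVE_ALL_TASK, new SecurityPermission[]{SecurityPermission.TASK_EXECUTE})
                .appendTaskPermissions(CLEAR_TASK, new SecurityPermission[]{SecurityPermission.TASK_EXECUTE})
                .build());

        startGrid(getConfiguration(cacheClient, sysClient, taskClient)).cluster().active(true);
    }

    /**
     * Every key-value operation must succeed on the permitted cache and must be rejected with
     * {@link ClientAuthorizationException} on the forbidden cache for the same client.
     *
     * @throws Exception If a permitted operation fails.
     */
    @Test
    public void testCacheSinglePermOperations() throws Exception {
        for (IgniteBiTuple<Consumer<IgniteClient>, String> op : operations(CACHE)) {
            runOperation(CLIENT, op);
        }

        for (IgniteBiTuple<Consumer<IgniteClient>, String> op : operations(FORBIDDEN_CACHE)) {
            GridTestUtils.assertThrowsWithCause(() -> runOperation(CLIENT, op), ClientAuthorizationException.class);
        }
    }

    /**
     * Bulk remove/clear operations must succeed for the client that holds TASK_EXECUTE on the
     * corresponding tasks, and must be rejected for {@link #CLIENT}, which holds CACHE_REMOVE on the
     * same cache but no task permission.
     *
     * @throws Exception If a permitted operation fails.
     */
    @Test
    public void testCacheTaskPermOperations() throws Exception {
        // A typed local gives the lambdas their target type; iterating the factory call directly does not.
        Collection<IgniteBiTuple<Consumer<IgniteClient>, String>> ops = Arrays.asList(
            GridFunc.t(c -> c.cache(CACHE).removeAll(), "removeAll"),
            GridFunc.t(c -> c.cache(CACHE).clear(), "clear"),
            GridFunc.t(c -> c.cache(CACHE).clear(IgniteMarshallerCacheSeparateDirectoryTest.KEY), "clearKey"),
            GridFunc.t(c -> c.cache(CACHE).clearAll(ImmutableSet.of(IgniteMarshallerCacheSeparateDirectoryTest.KEY)), "clearKeys"));

        for (IgniteBiTuple<Consumer<IgniteClient>, String> op : ops) {
            runOperation(CLIENT_CACHE_TASK_OPER, op);

            GridTestUtils.assertThrowsWithCause(() -> runOperation(CLIENT, op), ClientAuthorizationException.class);
        }
    }

    /**
     * Cache create/destroy must succeed for the client with system permissions and must be rejected
     * for {@link #CLIENT}.
     *
     * @throws Exception If a permitted operation fails.
     */
    @Test
    public void testSysOperation() throws Exception {
        // try-with-resources closes the client exactly once, also when an assertion fails.
        try (IgniteClient sysClient = startClient(CLIENT_SYS_PERM)) {
            sysClient.createCache(DYNAMIC_CACHE);
            assertTrue(sysClient.cacheNames().contains(DYNAMIC_CACHE));

            sysClient.destroyCache(DYNAMIC_CACHE);
            assertFalse(sysClient.cacheNames().contains(DYNAMIC_CACHE));
        }

        // The negative check targets CACHE for destroyCache: if authorization were not enforced the
        // shared cache would be dropped, so a regression here also shows up in the other tests.
        Collection<IgniteBiTuple<Consumer<IgniteClient>, String>> deniedOps = Arrays.asList(
            GridFunc.t(c -> c.createCache(DYNAMIC_CACHE), "createCache"),
            GridFunc.t(c -> c.destroyCache(CACHE), "destroyCache"));

        for (IgniteBiTuple<Consumer<IgniteClient>, String> op : deniedOps) {
            GridTestUtils.assertThrowsWithCause(() -> runOperation(CLIENT, op), ClientAuthorizationException.class);
        }
    }

    /**
     * Lists the key-value operations checked against a cache, each paired with a label that is used
     * as the failure message.
     *
     * @param cacheName Cache to run the operations on.
     * @return Operations with their labels.
     */
    private Collection<IgniteBiTuple<Consumer<IgniteClient>, String>> operations(String cacheName) {
        return Arrays.asList(
            GridFunc.t(c -> c.cache(cacheName).put(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value"), "put"),
            GridFunc.t(c -> c.cache(cacheName).putAll(Collections.singletonMap(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value")), "putAll"),
            // Label fixed from "get)" so that a failure report names the operation correctly.
            GridFunc.t(c -> c.cache(cacheName).get(IgniteMarshallerCacheSeparateDirectoryTest.KEY), "get"),
            GridFunc.t(c -> c.cache(cacheName).getAll(Collections.singleton(IgniteMarshallerCacheSeparateDirectoryTest.KEY)), "getAll"),
            GridFunc.t(c -> c.cache(cacheName).containsKey(IgniteMarshallerCacheSeparateDirectoryTest.KEY), "containsKey"),
            GridFunc.t(c -> c.cache(cacheName).containsKeys(ImmutableSet.of(IgniteMarshallerCacheSeparateDirectoryTest.KEY)), "containsKeys"),
            GridFunc.t(c -> c.cache(cacheName).remove(IgniteMarshallerCacheSeparateDirectoryTest.KEY), "remove"),
            GridFunc.t(c -> c.cache(cacheName).replace(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value"), "replace"),
            GridFunc.t(c -> c.cache(cacheName).putIfAbsent(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value"), "putIfAbsent"),
            GridFunc.t(c -> c.cache(cacheName).getAndPutIfAbsent(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value"), "getAndPutIfAbsent"),
            GridFunc.t(c -> c.cache(cacheName).getAndPut(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value"), "getAndPut"),
            GridFunc.t(c -> c.cache(cacheName).getAndRemove(IgniteMarshallerCacheSeparateDirectoryTest.KEY), "getAndRemove"),
            GridFunc.t(c -> c.cache(cacheName).getAndReplace(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "value"), "getAndReplace"));
    }

    /**
     * Opens a fresh thin-client connection under the given identity, runs one operation and closes
     * the connection.
     *
     * @param clientName Name of the client key store to authenticate with.
     * @param op Operation and its label.
     * @throws IgniteException Wrapping any failure, with the operation label as the message. Callers
     *      look for {@link ClientAuthorizationException} in the cause chain.
     */
    private void runOperation(String clientName, IgniteBiTuple<Consumer<IgniteClient>, String> op) {
        // The denied-operation checks go through here many times, so the client must also be closed
        // when the operation throws; otherwise each expected rejection leaves a TLS connection open.
        try (IgniteClient client = startClient(clientName)) {
            op.get1().accept(client);
        } catch (Exception e) {
            throw new IgniteException(op.get2(), e);
        }
    }

    /**
     * Starts a thin client that requires TLS and authenticates with the key store of the given name.
     *
     * @param clientName Name passed to {@code GridTestUtils.keyStorePath} to locate the client key store.
     * @return Connected thin client; the caller is responsible for closing it.
     */
    private IgniteClient startClient(String clientName) {
        ClientConfiguration cfg = new ClientConfiguration()
            .setAddresses(new String[]{Config.SERVER})
            .setSslMode(SslMode.REQUIRED)
            .setSslClientCertificateKeyStorePath(GridTestUtils.keyStorePath(clientName))
            .setSslClientCertificateKeyStorePassword(GridTestUtils.keyStorePassword())
            .setSslTrustCertificateKeyStorePath(GridTestUtils.keyStorePath("trustone"))
            .setSslTrustCertificateKeyStorePassword(GridTestUtils.keyStorePassword());

        return Ignition.startClient(cfg);
    }
}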
