package org.infinispan.rest.resources;

import io.netty.buffer.ByteBufUtil;
import io.netty.util.ResourceLeakDetector;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.CompletionStage;
import javax.security.auth.Subject;
import org.apache.logging.log4j.core.util.StringBuilderWriter;
import org.infinispan.client.rest.RestClient;
import org.infinispan.client.rest.RestEntity;
import org.infinispan.client.rest.RestResponse;
import org.infinispan.client.rest.configuration.Protocol;
import org.infinispan.client.rest.configuration.RestClientConfigurationBuilder;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.configuration.io.ConfigurationWriter;
import org.infinispan.commons.dataconversion.MediaType;
import org.infinispan.commons.jmx.MBeanServerLookup;
import org.infinispan.commons.jmx.TestMBeanServerLookup;
import org.infinispan.commons.test.TestResourceTracker;
import org.infinispan.commons.test.security.TestCertificates;
import org.infinispan.commons.util.Util;
import org.infinispan.commons.util.concurrent.CompletionStages;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.Configuration;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.configuration.internal.PrivateGlobalConfigurationBuilder;
import org.infinispan.configuration.parsing.ParserRegistry;
import org.infinispan.counter.configuration.AbstractCounterConfiguration;
import org.infinispan.counter.configuration.CounterConfigurationSerializer;
import org.infinispan.factories.impl.BasicComponentRegistry;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.protostream.SerializationContextInitializer;
import org.infinispan.rest.RequestHeader;
import org.infinispan.rest.RestTestSCI;
import org.infinispan.rest.TestClass;
import org.infinispan.rest.assertion.ResponseAssertion;
import org.infinispan.rest.authentication.impl.BasicAuthenticator;
import org.infinispan.rest.helper.RestServerHelper;
import org.infinispan.rest.resources.security.SimpleSecurityDomain;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.actions.SecurityActions;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.server.core.DummyServerStateManager;
import org.infinispan.server.core.ServerStateManager;
import org.infinispan.test.MultipleCacheManagersTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.infinispan.test.fwk.TransportFlags;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@Test(groups = {"functional"})
/* loaded from: input_file:org/infinispan/rest/resources/AbstractRestResourceTest.class */
public class AbstractRestResourceTest extends MultipleCacheManagersTest {
    public static final String REALM = "ApplicationRealm";
    public static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"ADMIN", "___script_manager", "___schema_manager"});
    public static final Subject USER = TestingUtil.makeSubject(new String[]{"USER", "___script_manager", "___schema_manager"});
    protected RestClient client;
    protected RestClient adminClient;
    protected static final int NUM_SERVERS = 2;
    protected boolean security;
    protected boolean ssl;
    protected boolean browser;
    protected ServerStateManager serverStateManager;
    private final MBeanServerLookup mBeanServerLookup = TestMBeanServerLookup.create();
    private final List<RestServerHelper> restServers = new ArrayList(NUM_SERVERS);
    protected Protocol protocol = Protocol.HTTP_11;

    protected String parameters() {
        return "[security=" + this.security + ", protocol=" + this.protocol.toString() + ", ssl=" + this.ssl + ", browser=" + this.browser + "]";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractRestResourceTest withSecurity(boolean z) {
        this.security = z;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractRestResourceTest protocol(Protocol protocol) {
        this.protocol = protocol;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractRestResourceTest ssl(boolean z) {
        this.ssl = z;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractRestResourceTest browser(boolean z) {
        this.browser = z;
        return this;
    }

    public ConfigurationBuilder getDefaultCacheBuilder() {
        return getDefaultClusteredCacheConfig(CacheMode.DIST_SYNC, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSecurityEnabled() {
        return this.security;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GlobalConfigurationBuilder getGlobalConfigForNode(int i) {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        globalConfigurationBuilder.addModule(PrivateGlobalConfigurationBuilder.class).serverMode(true);
        TestCacheManagerFactory.configureJmx(globalConfigurationBuilder, getClass().getSimpleName() + i, this.mBeanServerLookup);
        globalConfigurationBuilder.cacheContainer().statistics(true);
        globalConfigurationBuilder.serialization().addContextInitializers(new SerializationContextInitializer[]{RestTestSCI.INSTANCE});
        if (isSecurityEnabled()) {
            addSecurity(globalConfigurationBuilder);
        }
        return globalConfigurationBuilder.clusteredDefault().cacheManagerName("default");
    }

    protected void addSecurity(GlobalConfigurationBuilder globalConfigurationBuilder) {
        globalConfigurationBuilder.security().authorization().enable().groupOnlyMapping(false).principalRoleMapper(new IdentityRoleMapper()).role("ADMIN").description("admin role").permission(AuthorizationPermission.ALL).role("USER").description("user role").permission(new AuthorizationPermission[]{AuthorizationPermission.WRITE, AuthorizationPermission.READ, AuthorizationPermission.EXEC, AuthorizationPermission.BULK_READ});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createCacheManagers() throws Exception {
        Security.doAs(ADMIN, () -> {
            for (int i = 0; i < NUM_SERVERS; i++) {
                addClusterEnabledCacheManager(new GlobalConfigurationBuilder().read(getGlobalConfigForNode(i).build()), getDefaultCacheBuilder(), TransportFlags.minimalXsiteFlags());
            }
            this.cacheManagers.forEach(this::defineCaches);
            this.cacheManagers.forEach(embeddedCacheManager -> {
                embeddedCacheManager.defineConfiguration("invalid", getDefaultCacheBuilder().encoding().mediaType("application/x-java-object").indexing().enabled(true).addIndexedEntities(new String[]{"invalid"}).build());
            });
            this.serverStateManager = new DummyServerStateManager();
            for (EmbeddedCacheManager embeddedCacheManager2 : this.cacheManagers) {
                ((BasicComponentRegistry) SecurityActions.getGlobalComponentRegistry(embeddedCacheManager2).getComponent(BasicComponentRegistry.class)).registerComponent(ServerStateManager.class, this.serverStateManager, false);
                embeddedCacheManager2.getClassAllowList().addClasses(new Class[]{TestClass.class});
                waitForClusterToForm((String[]) embeddedCacheManager2.getCacheNames().stream().filter(str -> {
                    try {
                        embeddedCacheManager2.getCache(str);
                        return true;
                    } catch (CacheConfigurationException e) {
                        return false;
                    }
                }).toArray(i2 -> {
                    return new String[i2];
                }));
                RestServerHelper restServerHelper = new RestServerHelper(embeddedCacheManager2);
                configureServer(restServerHelper);
                restServerHelper.start(TestResourceTracker.getCurrentTestShortName());
                this.restServers.add(restServerHelper);
            }
        });
        this.adminClient = RestClient.forConfiguration(getClientConfig("admin", "admin").build());
        this.client = RestClient.forConfiguration(getClientConfig("user", "user").build());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RestServerHelper configureServer(RestServerHelper restServerHelper) {
        if (isSecurityEnabled()) {
            restServerHelper.withAuthenticator(new BasicAuthenticator(new SimpleSecurityDomain(ADMIN, USER), "ApplicationRealm"));
        }
        if (this.ssl) {
            restServerHelper.withKeyStore(TestCertificates.certificate("server"), TestCertificates.KEY_PASSWORD, TestCertificates.KEYSTORE_TYPE).withTrustStore(TestCertificates.certificate("trust"), TestCertificates.KEY_PASSWORD, TestCertificates.KEYSTORE_TYPE);
        }
        return restServerHelper;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RestServerHelper restServer() {
        return this.restServers.get(0);
    }

    protected void defineCaches(EmbeddedCacheManager embeddedCacheManager) {
    }

    @BeforeClass(alwaysRun = true)
    public void beforeClass() {
        ByteBufUtil.setLeakListener(new ResourceLeakDetector.LeakListener() { // from class: org.infinispan.rest.resources.AbstractRestResourceTest.1
            public void onLeak(String str, String str2) {
                throw new RuntimeException(str + ": " + str2);
            }
        });
    }

    @AfterClass
    public void afterClass() {
        Security.doAs(ADMIN, () -> {
            this.restServers.forEach((v0) -> {
                v0.stop();
            });
        });
        Util.close(this.client);
        Util.close(this.adminClient);
    }

    @AfterMethod
    public void afterMethod() {
        Security.doAs(ADMIN, () -> {
            this.restServers.forEach((v0) -> {
                v0.clear();
            });
        });
    }

    private void putInCache(String str, Object obj, String str2, String str3, String str4) {
        String format = String.format("/rest/v2/caches/%s/%s", str, obj);
        HashMap hashMap = new HashMap();
        if (str2 != null) {
            hashMap.put(RequestHeader.KEY_CONTENT_TYPE_HEADER.getValue(), str4);
        }
        ResponseAssertion.assertThat((CompletionStage<RestResponse>) this.client.raw().put(format, hashMap, RestEntity.create(MediaType.fromString(str4), str3))).isOk();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void putInCache(String str, Object obj, String str2, String str3) {
        putInCache(str, obj, null, str2, str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void putStringValueInCache(String str, String str2, String str3) {
        putInCache(str, str2, str3, "text/plain; charset=utf-8");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void putTextEntryInCache(String str, String str2, String str3) {
        putInCache(str, str2, "text/plain", str3, "text/plain");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void putJsonValueInCache(String str, String str2, String str3) {
        putInCache(str, str2, str3, "application/json; charset=utf-8");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void putBinaryValueInCache(String str, String str2, byte[] bArr, MediaType mediaType) {
        ResponseAssertion.assertThat((CompletionStage<RestResponse>) this.client.cache(str).put(str2, RestEntity.create(mediaType, bArr))).isOk();
    }

    private void removeFromCache(String str, Object obj, String str2) {
        String format = String.format("/rest/v2/caches/%s/%s", str, obj);
        HashMap hashMap = new HashMap();
        if (str2 != null) {
            hashMap.put(RequestHeader.KEY_CONTENT_TYPE_HEADER.getValue(), str2);
        }
        ResponseAssertion.assertThat((CompletionStage<RestResponse>) this.client.raw().delete(format, hashMap)).isOk();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeTextEntryFromCache(String str, String str2) {
        removeFromCache(str, str2, "text/plain");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RestClientConfigurationBuilder getClientConfig(String str, String str2) {
        RestClientConfigurationBuilder restClientConfigurationBuilder = new RestClientConfigurationBuilder();
        if (this.protocol != null) {
            restClientConfigurationBuilder.protocol(this.protocol);
        }
        if (this.ssl) {
            restClientConfigurationBuilder.security().ssl().enable().hostnameVerifier((str3, sSLSession) -> {
                return true;
            }).trustStoreFileName(TestCertificates.certificate("ca")).trustStorePassword(TestCertificates.KEY_PASSWORD).trustStoreType(TestCertificates.KEYSTORE_TYPE).keyStoreFileName(TestCertificates.certificate("client")).keyStorePassword(TestCertificates.KEY_PASSWORD).keyStoreType(TestCertificates.KEYSTORE_TYPE);
        }
        if (isSecurityEnabled()) {
            restClientConfigurationBuilder.security().authentication().enable().username(str).password(str2);
        }
        if (this.browser) {
            restClientConfigurationBuilder.header("User-Agent", "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0");
        }
        this.restServers.forEach(restServerHelper -> {
            restClientConfigurationBuilder.addServer().host(restServerHelper.getHost()).port(restServerHelper.getPort());
        });
        return restClientConfigurationBuilder;
    }

    public static String cacheConfigToJson(String str, Configuration configuration) {
        StringBuilderWriter stringBuilderWriter = new StringBuilderWriter();
        ConfigurationWriter build = ConfigurationWriter.to(stringBuilderWriter).withType(MediaType.APPLICATION_JSON).prettyPrint(false).build();
        try {
            new ParserRegistry().serialize(build, str, configuration);
            if (build != null) {
                build.close();
            }
            return stringBuilderWriter.toString();
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static String counterConfigToJson(AbstractCounterConfiguration abstractCounterConfiguration) {
        org.infinispan.commons.io.StringBuilderWriter stringBuilderWriter = new org.infinispan.commons.io.StringBuilderWriter();
        ConfigurationWriter build = ConfigurationWriter.to(stringBuilderWriter).withType(MediaType.APPLICATION_JSON).build();
        try {
            new CounterConfigurationSerializer().serializeConfiguration(build, abstractCounterConfiguration);
            if (build != null) {
                build.close();
            }
            return stringBuilderWriter.toString();
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RestResponse join(CompletionStage<RestResponse> completionStage) {
        RestResponse restResponse = (RestResponse) CompletionStages.join(completionStage);
        checkBrowserHeaders(restResponse);
        return restResponse;
    }

    protected void checkBrowserHeaders(RestResponse restResponse) {
        if (this.browser) {
            AssertJUnit.assertEquals("sameorigin", restResponse.header("X-Frame-Options"));
            AssertJUnit.assertEquals("1; mode=block", restResponse.header("X-XSS-Protection"));
            AssertJUnit.assertEquals("nosniff", restResponse.header("X-Content-Type-Options"));
            if (this.ssl) {
                AssertJUnit.assertEquals("max-age=31536000 ; includeSubDomains", restResponse.header("Strict-Transport-Security"));
            }
        }
    }
}
