package org.infinispan.security;

import java.util.Map;
import javax.security.auth.Subject;
import org.infinispan.Cache;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.functional.FunctionalTestUtils;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.mappers.ClusterPermissionMapper;
import org.infinispan.security.mappers.ClusterRoleMapper;
import org.infinispan.test.MultipleCacheManagersTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.infinispan.test.fwk.TransportFlags;
import org.infinispan.topology.ClusterTopologyManager;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;

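/**
 * Functional test for dynamic role-based access control on a two-node cluster.
 *
 * <p>The global configuration installs a {@link ClusterRoleMapper} (principal to role) and a
 * {@link ClusterPermissionMapper} (role to permissions). The tests change both at runtime and
 * check that cache operations performed under {@link Security#doAs} honour the new mappings.
 *
 * <p>NOTE(review): every cache-access assertion here covers the allow path only. Nothing checks
 * that an operation is refused for a subject lacking the permission, so a regression that
 * authorized everything would still pass. A denial assertion per mapper would close that gap.
 */
@Test(groups = {"functional"}, testName = "security.DynamicRBACTest")
public class DynamicRBACTest extends MultipleCacheManagersTest {
    // Subject used for all privileged setup and teardown.
    static final Subject ADMIN = TestingUtil.makeSubject(CustomAuditLoggerTest.ADMIN_ROLE);
    // Subjects "A" and "B" start without role grants; the tests grant them roles at runtime.
    static final Subject SUBJECT_A = TestingUtil.makeSubject("A");
    static final Subject SUBJECT_B = TestingUtil.makeSubject("B");
    // Mappers taken from the first cache manager's global authorization configuration.
    private ClusterRoleMapper crm;
    private ClusterPermissionMapper cpm;

    /**
     * Starts two clustered cache managers as {@link #ADMIN}, then seeds the mappers: the admin
     * principal is granted the admin role, and the roles "wizard" (ALL_WRITE) and "cleric"
     * (ALL_READ) are added to the permission mapper.
     */
    @Override
    protected void createCacheManagers() throws Throwable {
        Security.doAs(ADMIN, () -> {
            addClusterEnabledCacheManager(getGlobalConfigurationBuilder(), getConfigurationBuilder());
            addClusterEnabledCacheManager(getGlobalConfigurationBuilder(), getConfigurationBuilder());
            waitForClusterToForm();
            this.crm = this.cacheManagers.get(0).getCacheManagerConfiguration().security().authorization().principalRoleMapper();
            // grant(role, principal): keep the admin principal mapped to the admin role.
            this.crm.grant(CustomAuditLoggerTest.ADMIN_ROLE, CustomAuditLoggerTest.ADMIN_ROLE);
            this.cpm = this.cacheManagers.get(0).getCacheManagerConfiguration().security().authorization().rolePermissionMapper();
            FunctionalTestUtils.await(this.cpm.addRole(Role.newRole("wizard", true, new AuthorizationPermission[]{AuthorizationPermission.ALL_WRITE})));
            FunctionalTestUtils.await(this.cpm.addRole(Role.newRole("cleric", true, new AuthorizationPermission[]{AuthorizationPermission.ALL_READ})));
            return null;
        });
    }

    /**
     * Builds the default cache configuration: DIST_SYNC, with authorization enabled for the
     * reader, writer and admin roles.
     */
    private ConfigurationBuilder getConfigurationBuilder() {
        ConfigurationBuilder cacheConfig = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        cacheConfig.clustering().cacheMode(CacheMode.DIST_SYNC);
        cacheConfig.security().authorization().enable().role(CustomAuditLoggerTest.READER_ROLE).role("writer").role(CustomAuditLoggerTest.ADMIN_ROLE);
        return cacheConfig;
    }

    /**
     * Builds the global configuration: authorization enabled with fresh cluster-backed mappers
     * and three static roles (reader: ALL_READ, writer: ALL_WRITE, admin: ALL).
     */
    private GlobalConfigurationBuilder getGlobalConfigurationBuilder() {
        GlobalConfigurationBuilder globalConfig = GlobalConfigurationBuilder.defaultClusteredBuilder();
        globalConfig.security().authorization().enable().principalRoleMapper(new ClusterRoleMapper()).rolePermissionMapper(new ClusterPermissionMapper()).role(CustomAuditLoggerTest.READER_ROLE).permission(AuthorizationPermission.ALL_READ).role("writer").permission(AuthorizationPermission.ALL_WRITE).role(CustomAuditLoggerTest.ADMIN_ROLE).permission(AuthorizationPermission.ALL);
        return globalConfig;
    }

    /**
     * Grants "writer" to principal A and the reader role to principal B at runtime, then checks
     * that A can write and B can read the written value.
     */
    public void testClusterPrincipalMapper() {
        this.crm.grant("writer", "A");
        Security.doAs(SUBJECT_A, () -> {
            this.cacheManagers.get(0).getCache().put("key", "value");
            return null;
        });
        this.crm.grant(CustomAuditLoggerTest.READER_ROLE, "B");
        Security.doAs(SUBJECT_B, () -> {
            AssertJUnit.assertEquals("value", this.cacheManagers.get(0).getCache().get("key"));
            return null;
        });
        // NOTE(review): the test never asserts that B is refused a write, and the two grants
        // are not revoked here; clearContent() only clears the default cache's entries.
    }

    /**
     * Checks that the roles added during setup are listed, that a cache restricted to those
     * roles accepts a write from "wizard" and a read from "cleric", and that removing "cleric"
     * shrinks the role list.
     */
    public void testClusterPermissionMapper() {
        Map<String, Role> allRoles = this.cpm.getAllRoles();
        // NOTE(review): the exact count assumes no other test has added a role beforehand;
        // testJoiner() adds "rogue" and does not remove it.
        AssertJUnit.assertEquals(2, allRoles.size());
        AssertJUnit.assertTrue(allRoles.containsKey("wizard"));
        AssertJUnit.assertTrue(allRoles.containsKey("cleric"));
        Cache<String, String> cache = Security.doAs(ADMIN, () -> {
            ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
            configurationBuilder.security().authorization().enable().roles(new String[]{CustomAuditLoggerTest.ADMIN_ROLE, "wizard", "cleric"});
            return this.cacheManagers.get(0).createCache("cpm", configurationBuilder.build(this.cacheManagers.get(0).getCacheManagerConfiguration()));
        });
        Security.doAs(TestingUtil.makeSubject("wizard"), () -> {
            cache.put("key", "value");
            return null;
        });
        Security.doAs(TestingUtil.makeSubject("cleric"), () -> {
            AssertJUnit.assertEquals("value", cache.get("key"));
            return null;
        });
        FunctionalTestUtils.await(this.cpm.removeRole("cleric"));
        // NOTE(review): only the role count is checked after removal; the test does not verify
        // that a "cleric" subject loses read access to the cache.
        AssertJUnit.assertEquals(1, this.cpm.getAllRoles().size());
    }

    /**
     * Adds a third node while rebalancing is disabled for both mapper caches and checks that
     * the existing node still resolves the "wizard" grant and the "rogue" role while the joiner
     * resolves neither.
     */
    public void testJoiner() {
        this.crm.grant("wizard", "gandalf");
        // The mappers keep their state in caches held in private fields, read reflectively here.
        Cache<?, ?> roleMapCache = TestingUtil.extractField(this.crm, "clusterRoleMap");
        ClusterTopologyManager roleTopology = TestingUtil.extractComponent(roleMapCache, ClusterTopologyManager.class);
        roleTopology.setRebalancingEnabled(false);
        FunctionalTestUtils.await(this.cpm.addRole(Role.newRole("rogue", true, new AuthorizationPermission[]{AuthorizationPermission.LISTEN})));
        Cache<?, ?> permissionMapCache = TestingUtil.extractField(this.cpm, "clusterPermissionMap");
        ClusterTopologyManager permissionTopology = TestingUtil.extractComponent(permissionMapCache, ClusterTopologyManager.class);
        permissionTopology.setRebalancingEnabled(false);
        try {
            EmbeddedCacheManager joiner = Security.doAs(ADMIN,
                    () -> addClusterEnabledCacheManager(getGlobalConfigurationBuilder(), getConfigurationBuilder(), new TransportFlags().withFD(true)));
            ClusterRoleMapper joinerRoleMapper = (ClusterRoleMapper) Security.doAs(ADMIN,
                    () -> joiner.getCacheManagerConfiguration().security().authorization().principalRoleMapper());
            TestingUtil.TestPrincipal gandalf = new TestingUtil.TestPrincipal("gandalf");
            AssertJUnit.assertTrue(this.crm.principalToRoles(gandalf).contains("wizard"));
            AssertJUnit.assertTrue(this.crm.list("gandalf").contains("wizard"));
            // The joiner is expected to see no grant for gandalf while rebalancing is off.
            AssertJUnit.assertFalse(joinerRoleMapper.principalToRoles(gandalf).contains("wizard"));
            AssertJUnit.assertFalse(joinerRoleMapper.list("gandalf").contains("wizard"));
            ClusterPermissionMapper joinerPermissionMapper = (ClusterPermissionMapper) Security.doAs(ADMIN,
                    () -> joiner.getCacheManagerConfiguration().security().authorization().rolePermissionMapper());
            AssertJUnit.assertNotNull(this.cpm.getRole("rogue"));
            AssertJUnit.assertNull(joinerPermissionMapper.getRole("rogue"));
            // NOTE(review): the test stops here; it does not assert that the joiner picks up
            // the grant and the role once rebalancing is re-enabled.
        } finally {
            // Restore rebalancing on success and on failure so later tests are not affected.
            roleTopology.setRebalancingEnabled(true);
            permissionTopology.setRebalancingEnabled(true);
        }
    }

    /**
     * Tears the cache managers down as {@link #ADMIN}.
     *
     * <p>NOTE(review): the decompiler reported widening this method from protected to public.
     */
    @Override
    @AfterClass(alwaysRun = true)
    public void destroy() {
        Security.doAs(ADMIN, () -> {
            super.destroy();
            return null;
        });
    }

    /**
     * Clears the default cache on every cache manager as {@link #ADMIN}. Role and permission
     * grants made by the tests are not touched here.
     *
     * <p>NOTE(review): the decompiler reported widening this method from protected to public.
     * With the class-level {@code @Test}, TestNG may treat a public method without a
     * configuration annotation as a test; confirm the visibility against the upstream source.
     */
    @Override
    public void clearContent() {
        Security.doAs(ADMIN, () -> {
            this.cacheManagers.forEach(manager -> manager.getCache().clear());
            return null;
        });
    }
}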
