package org.infinispan.security;

import java.util.List;
import javax.security.auth.Subject;
import org.infinispan.AdvancedCache;
import org.infinispan.commons.test.CommonsTestingUtil;
import org.infinispan.commons.util.Util;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.functional.FunctionalTestUtils;
import org.infinispan.globalstate.ConfigurationStorage;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.mappers.ClusterPermissionMapper;
import org.infinispan.security.mappers.ClusterRoleMapper;
import org.infinispan.test.MultipleCacheManagersTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;

@Test(groups = {"functional"}, testName = "security.DynamicRBACRestartTest")
/* loaded from: input_file:org/infinispan/security/DynamicRBACRestartTest.class */
public class DynamicRBACRestartTest extends MultipleCacheManagersTest {
    static final Subject ADMIN = TestingUtil.makeSubject(CustomAuditLoggerTest.ADMIN_ROLE);
    private ClusterRoleMapper crm;
    private ClusterPermissionMapper cpm;

    @Override // org.infinispan.test.MultipleCacheManagersTest
    protected void createCacheManagers() throws Throwable {
        Security.doAs(ADMIN, () -> {
            addClusterEnabledCacheManager(getGlobalConfigurationBuilder("A", true), getConfigurationBuilder());
            addClusterEnabledCacheManager(getGlobalConfigurationBuilder("B", true), getConfigurationBuilder());
            waitForClusterToForm();
            this.crm = this.cacheManagers.get(0).getCacheManagerConfiguration().security().authorization().principalRoleMapper();
            this.crm.grant(CustomAuditLoggerTest.ADMIN_ROLE, CustomAuditLoggerTest.ADMIN_ROLE);
            this.cpm = this.cacheManagers.get(0).getCacheManagerConfiguration().security().authorization().rolePermissionMapper();
            FunctionalTestUtils.await(this.cpm.addRole(Role.newRole("wizard", true, new AuthorizationPermission[]{AuthorizationPermission.ALL_WRITE})));
            FunctionalTestUtils.await(this.cpm.addRole(Role.newRole("cleric", true, new AuthorizationPermission[]{AuthorizationPermission.ALL_READ})));
            return null;
        });
    }

    private ConfigurationBuilder getConfigurationBuilder() {
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        defaultCacheConfiguration.clustering().cacheMode(CacheMode.DIST_SYNC);
        defaultCacheConfiguration.security().authorization().enable().role(CustomAuditLoggerTest.READER_ROLE).role("writer").role(CustomAuditLoggerTest.ADMIN_ROLE);
        return defaultCacheConfiguration;
    }

    private GlobalConfigurationBuilder getGlobalConfigurationBuilder(String str, boolean z) {
        String tmpDirectory = CommonsTestingUtil.tmpDirectory(new String[]{getClass().getSimpleName(), str});
        if (z) {
            Util.recursiveFileRemove(tmpDirectory);
        }
        GlobalConfigurationBuilder defaultClusteredBuilder = GlobalConfigurationBuilder.defaultClusteredBuilder();
        defaultClusteredBuilder.globalState().enable().persistentLocation(tmpDirectory).configurationStorage(ConfigurationStorage.OVERLAY);
        defaultClusteredBuilder.security().authorization().enable().principalRoleMapper(new ClusterRoleMapper()).rolePermissionMapper(new ClusterPermissionMapper()).role(CustomAuditLoggerTest.READER_ROLE).permission(AuthorizationPermission.ALL_READ).role("writer").permission(AuthorizationPermission.ALL_WRITE).role(CustomAuditLoggerTest.ADMIN_ROLE).permission(AuthorizationPermission.ALL);
        return defaultClusteredBuilder;
    }

    public void testPermissionsRestart() {
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        defaultCacheConfiguration.clustering().cacheMode(CacheMode.DIST_SYNC);
        defaultCacheConfiguration.security().authorization().enable().role(CustomAuditLoggerTest.ADMIN_ROLE).role("wizard").role("cleric");
        Security.doAs(ADMIN, () -> {
            return this.cacheManagers.get(0).administration().createCache("minastirith", defaultCacheConfiguration.build());
        });
        Security.doAs(ADMIN, () -> {
            TestingUtil.killCacheManagers((List<? extends EmbeddedCacheManager>) this.cacheManagers);
        });
        this.cacheManagers.clear();
        Security.doAs(ADMIN, () -> {
            addClusterEnabledCacheManager(getGlobalConfigurationBuilder("A", false), getConfigurationBuilder());
            addClusterEnabledCacheManager(getGlobalConfigurationBuilder("B", false), getConfigurationBuilder());
            waitForClusterToForm();
        });
        AdvancedCache advancedCache = mo176manager(0).getCache("minastirith").getAdvancedCache();
        advancedCache.withSubject(TestingUtil.makeSubject("wizard")).put("k1", "v1");
        AssertJUnit.assertEquals("v1", advancedCache.withSubject(TestingUtil.makeSubject("cleric")).get("k1"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.test.MultipleCacheManagersTest
    @AfterClass(alwaysRun = true)
    public void destroy() {
        Security.doAs(ADMIN, () -> {
            super.destroy();
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.test.MultipleCacheManagersTest
    public void clearContent() {
        Security.doAs(ADMIN, () -> {
            this.cacheManagers.forEach(embeddedCacheManager -> {
                embeddedCacheManager.getCache().clear();
            });
            return null;
        });
    }
}
