package org.infinispan.security;

import java.util.Set;
import javax.security.auth.Subject;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.test.SingleCacheManagerTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

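/**
 * Functional tests for role- and permission-based authorization checks made through
 * {@link AuthorizationManager#checkPermission}, and for the per-subject filtering done by
 * {@code getAccessibleCacheNames()}.
 *
 * <p>Global role table configured by {@link #createCacheManager()}:
 * <ul>
 *   <li>{@code role1}, {@code role2}: {@code EXEC}</li>
 *   <li>{@code role3}, {@code role4}, {@code role5}: {@code READ}, {@code WRITE}</li>
 *   <li>the admin role: {@code ALL}</li>
 * </ul>
 * The default cache admits {@code role1}, {@code role2} and the admin role.
 *
 * <p>NOTE(review): this listing was recovered by a decompiler. The decompiler had widened the
 * lifecycle overrides ({@code setup}, {@code teardown}, {@code clearContent}) from
 * {@code protected} to {@code public}; they are {@code protected} again here, because TestNG
 * treats every public method of a class annotated with {@code @Test} as a test method.
 */
@Test(groups = {"functional"}, testName = "security.RolePermissionTest")
public class RolePermissionTest extends SingleCacheManagerTest {
    // Subject holding the admin role, which the global configuration maps to ALL.
    static final Subject ADMIN = TestingUtil.makeSubject(CustomAuditLoggerTest.ADMIN_ROLE);
    // Subject built from the names "A" and "role1"; presumably IdentityRoleMapper turns the
    // principal named "role1" into membership of role1. Confirm against TestingUtil.makeSubject.
    static final Subject SUBJECT_A = TestingUtil.makeSubject("A", "role1");
    // Subject built from an empty name array, i.e. with no principals to map to roles.
    static final Subject SUBJECT_WITHOUT_PRINCIPAL = TestingUtil.makeSubject(new String[0]);
    // Authorization manager of the default cache, obtained in setup() while running as ADMIN.
    AuthorizationManager authzManager;

    /**
     * Builds a cache manager with global authorization enabled and the role table described on
     * the class.
     *
     * @return the cache manager under test
     * @throws Exception if the manager cannot be created
     */
    @Override
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder principalRoleMapper = globalConfigurationBuilder
                .security()
                .authorization()
                .enable()
                .principalRoleMapper(new IdentityRoleMapper());
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        // Global role -> permission table. Only the admin role is granted ALL.
        principalRoleMapper
                .role("role1").permission(AuthorizationPermission.EXEC)
                .role("role2").permission(AuthorizationPermission.EXEC)
                .role("role3").permission(new AuthorizationPermission[]{AuthorizationPermission.READ, AuthorizationPermission.WRITE})
                .role("role4").permission(new AuthorizationPermission[]{AuthorizationPermission.READ, AuthorizationPermission.WRITE})
                .role("role5").permission(new AuthorizationPermission[]{AuthorizationPermission.READ, AuthorizationPermission.WRITE})
                .role(CustomAuditLoggerTest.ADMIN_ROLE).permission(AuthorizationPermission.ALL);
        // Per-cache authorization: the default cache lists role1, role2 and the admin role.
        defaultCacheConfiguration.security().authorization().enable()
                .role("role1")
                .role("role2")
                .role(CustomAuditLoggerTest.ADMIN_ROLE);
        return TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
    }

    /**
     * Creates the cache manager and default cache as {@link #ADMIN} and keeps the default
     * cache's {@link AuthorizationManager} for the tests.
     *
     * <p>Any checked exception from creation is rethrown wrapped in a {@link RuntimeException}
     * with the original as its cause, because the action passed to {@code Security.doAs} is a
     * lambda that handles it locally.
     *
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void setup() throws Exception {
        this.authzManager = (AuthorizationManager) Security.doAs(ADMIN, () -> {
            try {
                this.cacheManager = createCacheManager();
                if (this.cache == null) {
                    this.cache = this.cacheManager.getCache();
                }
                return this.cache.getAdvancedCache().getAuthorizationManager();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        });
    }

    /** A permission the subject's role grants, checked together with that role, is accepted. */
    public void testPermissionAndRole() {
        Security.doAs(SUBJECT_A, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.EXEC, "role1");
            return null;
        });
    }

    /** A permission the subject's role grants is accepted when no role is named. */
    public void testPermissionAndNoRole() {
        Security.doAs(SUBJECT_A, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.EXEC);
            return null;
        });
    }

    /** {@code LISTEN} is not in role1's grant (EXEC only), so the check must be refused. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testWrongPermissionAndNoRole() {
        Security.doAs(SUBJECT_A, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.LISTEN);
            return null;
        });
    }

    /** Naming a role the subject holds does not make an ungranted permission pass. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testWrongPermissionAndRole() {
        Security.doAs(SUBJECT_A, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.LISTEN, "role1");
            return null;
        });
    }

    /**
     * role2 also grants {@code EXEC}, but {@link #SUBJECT_A} was not built with it, so a check
     * that requires role2 must be refused even though the permission itself is held.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testPermissionAndWrongRole() {
        Security.doAs(SUBJECT_A, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.EXEC, "role2");
            return null;
        });
    }

    /** Neither the permission nor the named role matches the subject; the check is refused. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testWrongPermissionAndWrongRole() {
        Security.doAs(SUBJECT_A, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.LISTEN, "role2");
            return null;
        });
    }

    /**
     * Checking {@code NONE} for a subject without principals is expected to complete without a
     * {@link SecurityException}. Only {@code NONE} is exercised for this subject; no other
     * permission is checked for it in this class.
     */
    public void testNoPrincipalInSubject() {
        Security.doAs(SUBJECT_WITHOUT_PRINCIPAL, () -> {
            this.authzManager.checkPermission(AuthorizationPermission.NONE);
            return null;
        });
    }

    /**
     * Creates {@code cache3}..{@code cache5}, each admitting {@code role<i>} and the admin role,
     * and verifies that a subject is shown exactly the caches whose role list it matches.
     *
     * <p>The size assertions matter as much as the membership ones: they fail if a subject is
     * also shown a cache it has no role for, such as the default cache (role1, role2, admin).
     */
    public void testAccessibleCaches() {
        Security.doAs(ADMIN, () -> {
            for (int i = 3; i < 6; i++) {
                ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
                defaultCacheConfiguration.security().authorization().enable().role("role" + i).role(CustomAuditLoggerTest.ADMIN_ROLE);
                this.cacheManager.createCache("cache" + i, defaultCacheConfiguration.build());
            }
        });
        assertAccessibleCaches(TestingUtil.makeSubject("Subject34", "role3", "role4"), "cache3", "cache4");
        assertAccessibleCaches(TestingUtil.makeSubject("Subject35", "role3", "role5"), "cache3", "cache5");
        assertAccessibleCaches(TestingUtil.makeSubject("Subject45", "role4", "role5"), "cache4", "cache5");
        // A subject built with a name but no role must not be shown any cache.
        assertAccessibleCaches(TestingUtil.makeSubject("Subject0"));
    }

    /** Returns the cache names the manager reports as accessible while running as {@code subject}. */
    private Set<?> accessibleCacheNamesFor(Subject subject) {
        return (Set<?>) Security.doAs(subject, () -> {
            return this.cacheManager.getAccessibleCacheNames();
        });
    }

    /** Asserts that {@code subject} is shown exactly the caches in {@code expected}, no more and no fewer. */
    private void assertAccessibleCaches(Subject subject, String... expected) {
        Set<?> names = accessibleCacheNamesFor(subject);
        AssertJUnit.assertEquals(names.toString(), expected.length, names.size());
        for (String name : expected) {
            AssertJUnit.assertTrue(names.toString(), names.contains(name));
        }
    }

    /** Tears the manager down as {@link #ADMIN}; presumably shutdown needs admin rights here. */
    @Override
    protected void teardown() {
        Security.doAs(ADMIN, () -> {
            super.teardown();
            return null;
        });
    }

    /** Clears the default cache as {@link #ADMIN}; the other test subjects hold no bulk-write grant in this class. */
    @Override
    protected void clearContent() {
        Security.doAs(ADMIN, () -> {
            this.cacheManager.getCache().clear();
            return null;
        });
    }
}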
