package org.infinispan.scripting;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import org.infinispan.Cache;
import org.infinispan.commons.test.Exceptions;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.scripting.utils.ScriptingUtils;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.tasks.TaskContext;
import org.infinispan.test.MultipleCacheManagersTest;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.CleanupAfterTest;
import org.infinispan.util.concurrent.CompletionStages;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

@CleanupAfterTest
@Test(groups = {"functional"}, testName = "scripting.ReplicatedSecuredScriptingTest")
/* loaded from: input_file:org/infinispan/scripting/ReplicatedSecuredScriptingTest.class */
public class ReplicatedSecuredScriptingTest extends MultipleCacheManagersTest {
    static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin", "___script_manager"});
    static final Subject RUNNER = TestingUtil.makeSubject(new String[]{"runner", "runner"});
    static final Subject PHEIDIPPIDES = TestingUtil.makeSubject(new String[]{"pheidippides", "pheidippides"});

    protected void createCacheManagers() throws Throwable {
        GlobalConfigurationBuilder defaultClusteredBuilder = GlobalConfigurationBuilder.defaultClusteredBuilder();
        ConfigurationBuilder defaultClusteredCacheConfig = getDefaultClusteredCacheConfig(CacheMode.REPL_SYNC);
        defaultClusteredBuilder.security().authorization().enable().principalRoleMapper(new IdentityRoleMapper()).role("admin").permission(AuthorizationPermission.ALL).role("runner").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE).permission(AuthorizationPermission.ADMIN).role("pheidippides").permission(AuthorizationPermission.EXEC).permission(AuthorizationPermission.READ).permission(AuthorizationPermission.WRITE);
        defaultClusteredCacheConfig.security().authorization().enable().role("admin").role("runner").role("pheidippides");
        defaultClusteredCacheConfig.encoding().key().mediaType("application/x-java-object").encoding().value().mediaType("application/x-java-object");
        Security.doAs(ADMIN, () -> {
            createCluster(defaultClusteredBuilder, defaultClusteredCacheConfig, 2);
            defineConfigurationOnAllManagers("secured-script-exec", defaultClusteredCacheConfig);
            Iterator it = this.cacheManagers.iterator();
            while (it.hasNext()) {
                ((EmbeddedCacheManager) it.next()).getCache("secured-script-exec");
            }
            waitForClusterToForm();
        });
    }

    @AfterClass(alwaysRun = true)
    protected void destroy() {
        Security.doAs(ADMIN, () -> {
            super.destroy();
        });
    }

    @AfterMethod(alwaysRun = true)
    protected void clearContent() throws Throwable {
        Security.doAs(ADMIN, () -> {
            try {
                super.clearContent();
            } catch (Throwable th) {
                throw new RuntimeException(th);
            }
        });
    }

    public void testLocalScriptExecutionWithRole() {
        ScriptingManager scriptingManager = ScriptingUtils.getScriptingManager(manager(0));
        Security.doAs(ADMIN, () -> {
            try {
                ScriptingUtils.loadScript(scriptingManager, "/testRole.js");
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        });
        Security.doAs(PHEIDIPPIDES, () -> {
            Cache cache = manager(0).getCache("secured-script-exec");
            AssertJUnit.assertEquals("value", (String) CompletionStages.join(scriptingManager.runScript("testRole.js", new TaskContext().cache(cache).addParameter("a", "value"))));
            AssertJUnit.assertEquals("value", cache.get("a"));
        });
    }

    @Test(expectedExceptions = {SecurityException.class})
    public void testLocalScriptExecutionWithAuthException() {
        ScriptingManager scriptingManager = ScriptingUtils.getScriptingManager(manager(0));
        Security.doAs(ADMIN, () -> {
            try {
                ScriptingUtils.loadScript(scriptingManager, "/testRole.js");
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        });
        Security.doAs(RUNNER, () -> {
            CompletionStages.join(scriptingManager.runScript("testRole.js", new TaskContext().cache(manager(0).getCache()).addParameter("a", "value")));
            return null;
        });
    }

    @Test(enabled = false, description = "Enable when ISPN-6374 is fixed.")
    public void testDistributedScriptExecutionWithRole() {
        ScriptingManager scriptingManager = ScriptingUtils.getScriptingManager(manager(0));
        Security.doAs(ADMIN, () -> {
            Exceptions.unchecked(() -> {
                ScriptingUtils.loadScript(scriptingManager, "/testRole_dist.js");
            });
        });
        Security.doAs(RUNNER, () -> {
            Cache cache = manager(0).getCache();
            List list = (List) CompletionStages.join(scriptingManager.runScript("testRole_dist.js", new TaskContext().cache(cache).addParameter("a", "value")));
            AssertJUnit.assertEquals(list.get(0), manager(0).getAddress());
            AssertJUnit.assertEquals(list.get(1), manager(1).getAddress());
            AssertJUnit.assertEquals("value", cache.get("a"));
            AssertJUnit.assertEquals("value", manager(1).getCache().get("a"));
        });
    }

    @Test(expectedExceptions = {SecurityException.class})
    public void testDistributedScriptExecutionWithAuthException() {
        ScriptingManager scriptingManager = ScriptingUtils.getScriptingManager(manager(0));
        Security.doAs(ADMIN, () -> {
            Exceptions.unchecked(() -> {
                ScriptingUtils.loadScript(scriptingManager, "/testRole_dist.js");
            });
        });
        Security.doAs(PHEIDIPPIDES, () -> {
            CompletionStages.join(scriptingManager.runScript("testRole_dist.js", new TaskContext().cache(manager(0).getCache()).addParameter("a", "value")));
        });
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(name = "cacheModeProvider")
    private static Object[][] providePrinciples() {
        return new Object[]{new Object[]{CacheMode.REPL_SYNC}, new Object[]{CacheMode.DIST_SYNC}};
    }
}
