package org.infinispan.scripting;

import javax.security.auth.Subject;
import org.infinispan.Cache;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.tasks.TaskContext;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.infinispan.util.concurrent.CompletionStages;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

/**
 * Functional test of script execution and script management with Infinispan authorization
 * enabled.
 *
 * <p>Roles declared by {@link #createCacheManager()}:
 * <ul>
 *   <li>{@code admin}: {@code ALL}. The {@link #ADMIN} subject also carries the
 *       {@code ___script_manager} principal.</li>
 *   <li>{@code runner} and {@code pheidippides}: {@code EXEC}, {@code READ}, {@code WRITE}.</li>
 *   <li>{@code achilles}: {@code READ} and {@code WRITE}, no {@code EXEC}.</li>
 * </ul>
 * An {@link IdentityRoleMapper} is installed, so each principal name is used as a role name.
 *
 * <p>NOTE(review): every negative test relies on
 * {@code expectedExceptions = SecurityException.class}. That expectation is met by a
 * {@code SecurityException} raised from any statement of the test method, so these tests show
 * that access was denied but not which authorization check denied it.
 *
 * <p>The contents of {@code test.js}, {@code testRole.js} and {@code testRoleWithCache.js} are
 * not part of this file; remarks about them below are inferred from the test names.
 */
@Test(groups = {"functional"}, testName = "scripting.SecureScriptingTest")
public class SecureScriptingTest extends AbstractScriptingTest {
    // Each subject is built from principal names; the identity mapper turns them into roles.
    static final Subject ADMIN = TestingUtil.makeSubject(new String[]{"admin", "___script_manager"});
    static final Subject RUNNER = TestingUtil.makeSubject(new String[]{"runner", "runner"});
    static final Subject PHEIDIPPIDES = TestingUtil.makeSubject(new String[]{"pheidippides", "pheidippides"});
    static final Subject ACHILLES = TestingUtil.makeSubject(new String[]{"achilles", "achilles"});
    static final String SECURE_CACHE_NAME = "secured-script-exec";

    /**
     * Builds a cache manager with global authorization enabled and defines the caches the tests
     * use, acting as {@link #ADMIN}.
     *
     * @return the configured cache manager
     * @throws Exception declared by the overridden method
     */
    @Override
    protected EmbeddedCacheManager createCacheManager() throws Exception {
        GlobalConfigurationBuilder global = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder globalAuthz = global.security()
                .authorization()
                .enable()
                .groupOnlyMapping(false)
                .principalRoleMapper(new IdentityRoleMapper());
        ConfigurationBuilder securedConfig = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        AuthorizationConfigurationBuilder cacheAuthz = securedConfig.security().authorization().enable();

        // Global role -> permission table. "achilles" is the only role without EXEC.
        globalAuthz
                .role("achilles")
                .permission(AuthorizationPermission.READ)
                .permission(AuthorizationPermission.WRITE)
                .role("runner")
                .permission(AuthorizationPermission.EXEC)
                .permission(AuthorizationPermission.READ)
                .permission(AuthorizationPermission.WRITE)
                .role("pheidippides")
                .permission(AuthorizationPermission.EXEC)
                .permission(AuthorizationPermission.READ)
                .permission(AuthorizationPermission.WRITE)
                .role("admin")
                .permission(AuthorizationPermission.ALL);

        // Roles admitted on the default (secured) cache configuration; "achilles" is not listed.
        cacheAuthz.role("runner").role("pheidippides").role("admin");

        EmbeddedCacheManager manager = TestCacheManagerFactory.createCacheManager(global, securedConfig);
        Security.doAs(ADMIN, () -> {
            manager.defineConfiguration("script-exec", manager.getDefaultCacheConfiguration());
            manager.getCache("script-exec");
            manager.defineConfiguration(SECURE_CACHE_NAME, manager.getDefaultCacheConfiguration());
            manager.getCache(SECURE_CACHE_NAME);
            // Built from a fresh default configuration on which this method enables no
            // cache-level authorization; the cache is only defined here, not started.
            manager.defineConfiguration("nonSecuredCache", TestCacheManagerFactory.getDefaultCacheConfiguration(true).build());
        });
        return manager;
    }

    /** Returns the names of the scripts the base class should load for this test. */
    @Override
    protected String[] getScripts() {
        return new String[]{"test.js", "testRole.js", "testRoleWithCache.js"};
    }

    /**
     * Runs the inherited setup as {@link #ADMIN}, rethrowing any checked exception wrapped in a
     * {@link RuntimeException}.
     *
     * <p>NOTE(review): the decompiler recorded that this method was {@code protected} in the
     * compiled class and was widened to {@code public} in this listing.
     */
    @Override
    public void setup() throws Exception {
        Security.doAs(ADMIN, () -> {
            try {
                super.setup();
            } catch (Exception cause) {
                throw new RuntimeException(cause);
            }
        });
    }

    /** Runs the inherited teardown as {@link #ADMIN}. */
    protected void teardown() {
        Security.doAs(ADMIN, () -> {
            super.teardown();
        });
    }

    /** Clears the default cache as {@link #ADMIN}. */
    protected void clearContent() {
        Security.doAs(ADMIN, () -> {
            cacheManager.getCache().clear();
        });
    }

    /** Running a script with no subject in scope must be refused. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testSimpleScript() {
        TaskContext context = new TaskContext().addParameter("a", "a");
        String result = (String) CompletionStages.join(scriptingManager.runScript("test.js", context));
        AssertJUnit.assertEquals("a", result);
    }

    /** A subject whose role holds EXEC can run {@code test.js} and gets the parameter back. */
    public void testSimpleScriptWithEXECPermissions() {
        String result = (String) Security.doAs(RUNNER, () -> {
            TaskContext context = new TaskContext().addParameter("a", "a");
            return (String) CompletionStages.join(scriptingManager.runScript("test.js", context));
        });
        AssertJUnit.assertEquals("a", result);
    }

    /**
     * EXEC alone is not sufficient for {@code testRole.js}: {@link #RUNNER} is refused.
     * Presumably the script restricts itself to another role; confirm against the script.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testSimpleScriptWithEXECPermissionsWrongRole() {
        String result = (String) Security.doAs(RUNNER, () -> {
            TaskContext context = new TaskContext().addParameter("a", "a");
            return (String) CompletionStages.join(scriptingManager.runScript("testRole.js", context));
        });
        // Only reached if the expected denial did not happen.
        AssertJUnit.assertEquals("a", result);
    }

    /** {@link #PHEIDIPPIDES} is allowed to run {@code testRole.js}. */
    public void testSimpleScriptWithEXECPermissionsRightRole() {
        String result = (String) Security.doAs(PHEIDIPPIDES, () -> {
            TaskContext context = new TaskContext().addParameter("a", "a");
            return (String) CompletionStages.join(scriptingManager.runScript("testRole.js", context));
        });
        AssertJUnit.assertEquals("a", result);
    }

    /** A subject with READ/WRITE but no EXEC ({@link #ACHILLES}) cannot run a script. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testSimpleScriptWithoutEXEC() {
        Security.doAs(ACHILLES, () -> {
            TaskContext context = new TaskContext().addParameter("a", "a");
            return CompletionStages.join(scriptingManager.runScript("testRole.js", context));
        });
    }

    /** Holding EXEC does not permit adding a script; the subject lacks the manager principal. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testUploadScriptWithEXECNotManager() {
        Security.doAs(PHEIDIPPIDES, () -> {
            scriptingManager.addScript("my_script", "1+1");
        });
    }

    /** A subject with neither EXEC nor the manager principal cannot add a script. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testUploadScriptWithoutEXECNotManager() {
        Security.doAs(ACHILLES, () -> {
            scriptingManager.addScript("my_script", "1+1");
        });
    }

    /** Holding EXEC does not permit removing an existing script. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testRemoveScriptWithEXECNotManager() {
        Security.doAs(PHEIDIPPIDES, () -> {
            scriptingManager.removeScript("test.js");
        });
    }

    /**
     * Writes to {@code ___script_cache} directly rather than through the scripting manager.
     * The denial has to hold on this path too, otherwise the manager-level check could be
     * sidestepped by going to the cache.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testUploadScriptDirectlyWithEXECNotManager() {
        Security.doAs(PHEIDIPPIDES, () -> {
            return cacheManager.getCache("___script_cache").put("my_script", "1+1");
        });
    }

    /** Direct removal from {@code ___script_cache} is refused for a non-manager subject. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testRemoveScriptDirectlyWithEXECNotManager() {
        Security.doAs(PHEIDIPPIDES, () -> {
            return cacheManager.getCache("___script_cache").remove("test.js");
        });
    }

    /** Direct clearing of {@code ___script_cache} is refused for a non-manager subject. */
    @Test(expectedExceptions = {SecurityException.class})
    public void testClearScriptDirectlyWithEXECNotManager() {
        Security.doAs(PHEIDIPPIDES, () -> {
            cacheManager.getCache("___script_cache").clear();
        });
    }

    /**
     * Runs {@code testRoleWithCache.js} against {@code nonSecuredCache} as
     * {@link #PHEIDIPPIDES}. The cache is first written and read with no subject in scope;
     * after the script, key {@code "a"} holds {@code "a"} instead of {@code "value"}.
     */
    public void testScriptOnNonSecuredCache() {
        Cache nonSecured = cache("nonSecuredCache");
        nonSecured.put("a", "value");
        AssertJUnit.assertEquals("value", (String) nonSecured.get("a"));
        String result = (String) Security.doAs(PHEIDIPPIDES, () -> {
            TaskContext context = new TaskContext().addParameter("a", "a").cache(nonSecured);
            return (String) CompletionStages.join(scriptingManager.runScript("testRoleWithCache.js", context));
        });
        AssertJUnit.assertEquals("a", result);
        AssertJUnit.assertEquals("a", (String) nonSecured.get("a"));
    }

    /**
     * The same script on the same cache is refused for {@link #RUNNER}.
     *
     * <p>NOTE(review): the cache lookup also runs inside the {@code doAs} scope, so a
     * {@code SecurityException} from the lookup itself would satisfy this test as well.
     */
    @Test(expectedExceptions = {SecurityException.class})
    public void testScriptOnNonSecuredCacheWrongRole() {
        Security.doAs(RUNNER, () -> {
            TaskContext context = new TaskContext().addParameter("a", "a").cache(cache("nonSecuredCache"));
            return CompletionStages.join(scriptingManager.runScript("testRoleWithCache.js", context));
        });
    }
}
