package co.cask.cdap.gateway.handlers;

import co.cask.cdap.client.AuthorizationClient;
import co.cask.cdap.client.config.ClientConfig;
import co.cask.cdap.client.config.ConnectionConfig;
import co.cask.cdap.common.UnauthorizedException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.proto.id.Ids;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.security.authorization.InMemoryAuthorizationPlugin;
import co.cask.http.NettyHttpService;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:co/cask/cdap/gateway/handlers/AuthorizationHandlerTest.class */
public class AuthorizationHandlerTest {
    private InMemoryAuthorizationPlugin auth;
    private NettyHttpService service;
    private AuthorizationClient client;

    @Before
    public void setUp() {
        CConfiguration create = CConfiguration.create();
        create.setBoolean("security.authorization.enabled", true);
        this.auth = new InMemoryAuthorizationPlugin();
        this.service = NettyHttpService.builder().addHttpHandlers(ImmutableList.of(new AuthorizationHandler(this.auth, create))).build();
        this.service.startAndWait();
        this.client = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(this.service.getBindAddress().getHostName()).setPort(Integer.valueOf(this.service.getBindAddress().getPort())).setSSLEnabled(false).build()).build());
    }

    @After
    public void tearDown() {
        this.service.stopAndWait();
    }

    @Test
    public void testDisabled() throws IOException, UnauthorizedException {
        CConfiguration create = CConfiguration.create();
        create.setBoolean("security.authorization.enabled", false);
        NettyHttpService build = NettyHttpService.builder().addHttpHandlers(ImmutableList.of(new AuthorizationHandler(new InMemoryAuthorizationPlugin(), create))).build();
        build.startAndWait();
        AuthorizationClient authorizationClient = new AuthorizationClient(ClientConfig.builder().setConnectionConfig(ConnectionConfig.builder().setHostname(build.getBindAddress().getHostName()).setPort(Integer.valueOf(build.getBindAddress().getPort())).setSSLEnabled(false).build()).build());
        NamespaceId namespace = Ids.namespace("ns1");
        try {
            authorizationClient.authorized(namespace, "admin", ImmutableSet.of(Action.READ));
            Assert.fail();
        } catch (IOException e) {
            Assert.assertTrue(e.getMessage().contains("404"));
        }
        try {
            authorizationClient.grant(namespace, "admin", ImmutableSet.of(Action.READ));
            Assert.fail();
        } catch (IOException e2) {
            Assert.assertTrue(e2.getMessage().contains("404"));
        }
        try {
            authorizationClient.revoke(namespace, "admin", ImmutableSet.of(Action.READ));
            Assert.fail();
        } catch (IOException e3) {
            Assert.assertTrue(e3.getMessage().contains("404"));
        }
    }

    @Test
    public void testRevokeEntityUserActions() throws IOException, UnauthorizedException {
        NamespaceId namespace = Ids.namespace("ns1");
        Assert.assertEquals(false, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
        this.client.grant(namespace, "admin", ImmutableSet.of(Action.READ));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
        this.client.revoke(namespace, "admin", ImmutableSet.of(Action.READ));
        Assert.assertEquals(false, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
    }

    @Test
    public void testRevokeEntityUser() throws IOException, UnauthorizedException {
        NamespaceId namespace = Ids.namespace("ns1");
        this.client.grant(namespace, "admin", ImmutableSet.of(Action.READ));
        this.client.grant(namespace, "bob", ImmutableSet.of(Action.READ));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace, "bob", ImmutableSet.of(Action.READ))));
        this.client.revoke(namespace, "admin");
        Assert.assertEquals(false, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace, "bob", ImmutableSet.of(Action.READ))));
    }

    @Test
    public void testRevokeEntity() throws IOException, UnauthorizedException {
        NamespaceId namespace = Ids.namespace("ns1");
        NamespaceId namespace2 = Ids.namespace("ns2");
        this.client.grant(namespace, "admin", ImmutableSet.of(Action.READ));
        this.client.grant(namespace, "bob", ImmutableSet.of(Action.READ));
        this.client.grant(namespace2, "admin", ImmutableSet.of(Action.READ));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace, "bob", ImmutableSet.of(Action.READ))));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace2, "admin", ImmutableSet.of(Action.READ))));
        this.client.revoke(namespace);
        Assert.assertEquals(false, Boolean.valueOf(this.client.authorized(namespace, "admin", ImmutableSet.of(Action.READ))));
        Assert.assertEquals(false, Boolean.valueOf(this.client.authorized(namespace, "bob", ImmutableSet.of(Action.READ))));
        Assert.assertEquals(true, Boolean.valueOf(this.client.authorized(namespace2, "admin", ImmutableSet.of(Action.READ))));
    }
}
