package co.cask.cdap.internal.app.services;

import co.cask.cdap.AllProgramsApp;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.id.Id;
import co.cask.cdap.common.namespace.NamespaceAdmin;
import co.cask.cdap.common.test.AppJarHelper;
import co.cask.cdap.common.utils.Tasks;
import co.cask.cdap.internal.AppFabricTestHelper;
import co.cask.cdap.proto.ProgramType;
import co.cask.cdap.proto.id.ApplicationId;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Authorizable;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.security.authorization.AuthorizationUtil;
import co.cask.cdap.security.authorization.AuthorizerInstantiator;
import co.cask.cdap.security.authorization.InMemoryAuthorizer;
import co.cask.cdap.security.spi.authentication.SecurityRequestContext;
import co.cask.cdap.security.spi.authorization.Authorizer;
import com.google.common.collect.ImmutableMap;
import com.google.inject.Injector;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import org.apache.twill.filesystem.LocalLocationFactory;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:co/cask/cdap/internal/app/services/ProgramLifecycleServiceAuthorizationTest.class */
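/**
 * Checks that {@link ProgramLifecycleService#list} only returns programs the calling
 * principal holds a privilege on, with authorization enforcement switched on and
 * {@link InMemoryAuthorizer} loaded as the authorization extension.
 *
 * <p>The test drives the caller identity through {@link SecurityRequestContext}, so every
 * identity switch below is paired with a restore.
 */
public class ProgramLifecycleServiceAuthorizationTest {

    @ClassRule
    public static final TemporaryFolder TEMPORARY_FOLDER = new TemporaryFolder();

    // The principal that receives every grant in this test.
    private static final Principal ALICE = new Principal("alice", Principal.PrincipalType.USER);

    private static CConfiguration cConf;
    private static Authorizer authorizer;
    private static AppFabricServer appFabricServer;
    private static ProgramLifecycleService programLifecycleService;

    /**
     * Starts app fabric with authorization enabled and waits for the default namespace.
     *
     * <p>The effective master user is granted ADMIN on the default namespace only for the
     * duration of the wait. The revoke sits in a {@code finally} so that a timeout cannot
     * leave that grant behind and make later "access denied" assertions pass or fail for
     * the wrong reason.
     *
     * @throws Exception if the server cannot be started, the grant/revoke fails, or the
     *     namespace does not appear within five seconds
     */
    @BeforeClass
    public static void setup() throws Exception {
        cConf = createCConf();
        final Injector injector = AppFabricTestHelper.getInjector(cConf);
        authorizer = injector.getInstance(AuthorizerInstantiator.class).get();
        appFabricServer = injector.getInstance(AppFabricServer.class);
        appFabricServer.startAndWait();
        programLifecycleService = injector.getInstance(ProgramLifecycleService.class);

        Principal masterUser =
            new Principal(AuthorizationUtil.getEffectiveMasterUser(cConf), Principal.PrincipalType.USER);
        Authorizable defaultNamespace = Authorizable.fromEntityId(NamespaceId.DEFAULT);
        Set<Action> adminOnly = Collections.singleton(Action.ADMIN);

        authorizer.grant(defaultNamespace, masterUser, adminOnly);
        try {
            Tasks.waitFor(true, new Callable<Boolean>() {
                @Override
                public Boolean call() throws Exception {
                    return injector.getInstance(NamespaceAdmin.class).exists(NamespaceId.DEFAULT);
                }
            }, 5L, TimeUnit.SECONDS);
        } finally {
            // Least privilege: the bootstrap grant must not outlive the bootstrap step.
            authorizer.revoke(defaultNamespace, masterUser, adminOnly);
        }
    }

    /**
     * Deploys {@link AllProgramsApp} as ALICE and verifies program listing is filtered by
     * privilege: empty before any EXECUTE grant, non-empty for ALICE after the grants, and
     * still empty for the unprivileged user "bob".
     *
     * @throws Exception if deployment, a grant, or a listing call fails unexpectedly
     */
    @Test
    public void testProgramList() throws Exception {
        // NOTE(review): the request context is left set to ALICE when this method returns;
        // confirm no other test sharing this thread depends on a clean context.
        SecurityRequestContext.setUserId(ALICE.getName());
        ApplicationId app = NamespaceId.DEFAULT.app("App");

        // Explicit type arguments are required here: without them the chained builder is
        // inferred as ImmutableMap<Object, Object> and does not match the helper's parameter.
        Map<EntityId, Set<Action>> neededPrivileges = ImmutableMap.<EntityId, Set<Action>>builder()
            .put(app, EnumSet.of(Action.ADMIN))
            .put(NamespaceId.DEFAULT.artifact(AllProgramsApp.class.getSimpleName(), "1.0-SNAPSHOT"),
                EnumSet.of(Action.ADMIN))
            .put(NamespaceId.DEFAULT.dataset("kvt"), EnumSet.of(Action.ADMIN))
            .put(NamespaceId.DEFAULT.dataset(AllProgramsApp.DATASET_NAME2), EnumSet.of(Action.ADMIN))
            .put(NamespaceId.DEFAULT.dataset(AllProgramsApp.DATASET_NAME3), EnumSet.of(Action.ADMIN))
            .put(NamespaceId.DEFAULT.dataset(AllProgramsApp.DS_WITH_SCHEMA_NAME), EnumSet.of(Action.ADMIN))
            .put(NamespaceId.DEFAULT.stream("stream"), EnumSet.of(Action.ADMIN))
            .build();
        setUpPrivilegesAndExpectFailedDeploy(neededPrivileges);

        // Every ADMIN privilege is now in place, so this deploy is expected to succeed.
        AppFabricTestHelper.deployApplication(Id.Namespace.DEFAULT, AllProgramsApp.class, null, cConf);

        // ALICE holds ADMIN on the app but nothing on individual programs yet: nothing is listed.
        for (ProgramType programType : ProgramType.values()) {
            if (programType.equals(ProgramType.CUSTOM_ACTION)) {
                continue;
            }
            Assert.assertTrue(programLifecycleService.list(NamespaceId.DEFAULT, programType).isEmpty());
        }

        grantExecute(app, ProgramType.FLOW, AllProgramsApp.NoOpFlow.NAME);
        grantExecute(app, ProgramType.SERVICE, AllProgramsApp.NoOpService.NAME);
        grantExecute(app, ProgramType.WORKER, "NoOpWorker");
        grantExecute(app, ProgramType.SPARK, "NoOpSpark");
        grantExecute(app, ProgramType.MAPREDUCE, "NoOpMR");
        grantExecute(app, ProgramType.MAPREDUCE, AllProgramsApp.NoOpMR2.NAME);
        grantExecute(app, ProgramType.WORKFLOW, "NoOpWorkflow");

        for (ProgramType programType : ProgramType.values()) {
            if (programType.equals(ProgramType.CUSTOM_ACTION)) {
                continue;
            }
            Assert.assertFalse(programLifecycleService.list(NamespaceId.DEFAULT, programType).isEmpty());

            // "bob" was never granted anything, so the same listing must come back empty.
            SecurityRequestContext.setUserId("bob");
            try {
                Assert.assertTrue(programLifecycleService.list(NamespaceId.DEFAULT, programType).isEmpty());
            } finally {
                // Restore the caller even when the assertion fails, so the wrong identity
                // is never carried into whatever runs next on this thread.
                SecurityRequestContext.setUserId(ALICE.getName());
            }
        }
    }

    /** Stops the app fabric server, if {@link #setup()} got far enough to create it. */
    @AfterClass
    public static void tearDown() {
        // Guard against a failed setup so the original failure is not buried under an NPE.
        if (appFabricServer != null) {
            appFabricServer.stopAndWait();
        }
    }

    /**
     * Builds the configuration used by the test: security and authorization enabled,
     * Kerberos disabled, and the authorization extension pointed at a jar built from
     * {@link InMemoryAuthorizer} inside {@link #TEMPORARY_FOLDER}.
     *
     * @return the configuration to hand to the injector
     * @throws IOException if the temporary folder or the extension jar cannot be created
     */
    private static CConfiguration createCConf() throws IOException {
        CConfiguration conf = CConfiguration.create();
        conf.setBoolean("security.enabled", true);
        conf.setBoolean("security.authorization.enabled", true);
        conf.setBoolean("kerberos.auth.enabled", false);
        // NOTE(review): a max of 0 entries presumably disables privilege caching so that
        // grants and revokes are visible immediately; confirm against the cache implementation.
        conf.setInt("security.authorization.cache.max.entries", 0);

        LocalLocationFactory locationFactory =
            new LocalLocationFactory(new File(TEMPORARY_FOLDER.newFolder().toURI()));
        String authorizerJarPath =
            AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class, new File[0])
                .toURI()
                .getPath();
        conf.set("security.authorization.extension.jar.path", authorizerJarPath);
        return conf;
    }

    /** Grants ALICE the EXECUTE action on one program of the given application. */
    private static void grantExecute(ApplicationId app, ProgramType type, String programName) throws Exception {
        authorizer.grant(
            Authorizable.fromEntityId(app.program(type, programName)),
            ALICE,
            Collections.singleton(Action.EXECUTE));
    }

    /**
     * Grants the given privileges to ALICE one entry at a time and, after every grant except
     * the last, checks that deploying {@link AllProgramsApp} still fails.
     *
     * @param map entity to actions, granted in the map's iteration order
     * @throws Exception if a grant fails
     */
    private void setUpPrivilegesAndExpectFailedDeploy(Map<EntityId, Set<Action>> map) throws Exception {
        int granted = 0;
        for (Map.Entry<EntityId, Set<Action>> privilege : map.entrySet()) {
            authorizer.grant(Authorizable.fromEntityId(privilege.getKey()), ALICE, privilege.getValue());
            granted++;
            if (granted >= map.size()) {
                // The full set is granted; the caller performs the deploy that must succeed.
                continue;
            }
            try {
                AppFabricTestHelper.deployApplication(Id.Namespace.DEFAULT, AllProgramsApp.class, null, cConf);
                // Assert.fail() throws AssertionError, which is not an Exception, so an
                // unexpectedly successful deploy is not swallowed by the catch below.
                Assert.fail();
            } catch (Exception expected) {
                // Deployment is expected to be rejected while privileges are incomplete.
                // NOTE(review): any Exception is accepted here, so a failure unrelated to
                // authorization would also satisfy the check. Narrowing the catch to the
                // authorization failure type would make this a stricter negative test;
                // the type thrown by deployApplication is not visible in this file.
            }
        }
    }
}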
