package co.cask.cdap.security.authorization;

import co.cask.cdap.common.test.AppJarHelper;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.proto.security.Action;
import co.cask.cdap.proto.security.Principal;
import co.cask.cdap.proto.security.Role;
import co.cask.cdap.security.spi.authorization.Authorizer;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.jar.Attributes;
import java.util.jar.Manifest;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:co/cask/cdap/security/authorization/AuthorizationCacheInvalidationTest.class */
public class AuthorizationCacheInvalidationTest extends AuthorizationTestBase {
    @BeforeClass
    public static void setupClass() throws IOException {
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, InMemoryAuthorizer.class.getName());
        CCONF.set("security.authorization.extension.jar.path", AppJarHelper.createDeploymentJar(locationFactory, InMemoryAuthorizer.class, manifest, new File[0]).toString());
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testUserPrivileges() throws Exception {
        AuthorizerInstantiator authorizerInstantiator = new AuthorizerInstantiator(CCONF, AUTH_CONTEXT_FACTORY);
        Throwable th = null;
        try {
            Authorizer authorizer = authorizerInstantiator.get();
            DefaultPrivilegesFetcherProxyService defaultPrivilegesFetcherProxyService = new DefaultPrivilegesFetcherProxyService(authorizer, CCONF, AUTH_CONTEXT);
            defaultPrivilegesFetcherProxyService.startAndWait();
            try {
                DefaultAuthorizationEnforcementService defaultAuthorizationEnforcementService = new DefaultAuthorizationEnforcementService(authorizer, CCONF, AUTH_CONTEXT);
                defaultAuthorizationEnforcementService.startAndWait();
                int size = defaultPrivilegesFetcherProxyService.getCache().size();
                Assert.assertEquals(size, defaultAuthorizationEnforcementService.getCache().size());
                try {
                    Principal principal = new Principal("alice", Principal.PrincipalType.USER);
                    NamespaceId namespaceId = new NamespaceId("ns");
                    authorizer.grant(namespaceId, principal, Collections.singleton(Action.ADMIN));
                    defaultPrivilegesFetcherProxyService.listPrivileges(principal);
                    defaultAuthorizationEnforcementService.createFilter(principal);
                    Assert.assertEquals(size + 1, defaultPrivilegesFetcherProxyService.getCache().size());
                    Assert.assertEquals(size + 1, defaultAuthorizationEnforcementService.getCache().size());
                    new DefaultPrivilegesManager(authorizerInstantiator, defaultAuthorizationEnforcementService, defaultPrivilegesFetcherProxyService).grant(namespaceId, principal, Collections.singleton(Action.ADMIN));
                    Assert.assertEquals(size, defaultPrivilegesFetcherProxyService.getCache().size());
                    Assert.assertEquals(size, defaultAuthorizationEnforcementService.getCache().size());
                    defaultAuthorizationEnforcementService.stopAndWait();
                    defaultPrivilegesFetcherProxyService.stopAndWait();
                    if (authorizerInstantiator != null) {
                        if (0 == 0) {
                            authorizerInstantiator.close();
                            return;
                        }
                        try {
                            authorizerInstantiator.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                } catch (Throwable th3) {
                    defaultAuthorizationEnforcementService.stopAndWait();
                    throw th3;
                }
            } catch (Throwable th4) {
                defaultPrivilegesFetcherProxyService.stopAndWait();
                throw th4;
            }
        } catch (Throwable th5) {
            if (authorizerInstantiator != null) {
                if (0 != 0) {
                    try {
                        authorizerInstantiator.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    authorizerInstantiator.close();
                }
            }
            throw th5;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    @Ignore
    public void testRoleBasedPrivileges() throws Exception {
        Principal principal = new Principal("alice", Principal.PrincipalType.USER);
        Principal principal2 = new Principal("bob", Principal.PrincipalType.USER);
        Role role = new Role("admins");
        NamespaceId namespaceId = new NamespaceId("ns");
        AuthorizerInstantiator authorizerInstantiator = new AuthorizerInstantiator(CCONF, AUTH_CONTEXT_FACTORY);
        Throwable th = null;
        try {
            Authorizer authorizer = authorizerInstantiator.get();
            DefaultPrivilegesFetcherProxyService defaultPrivilegesFetcherProxyService = new DefaultPrivilegesFetcherProxyService(authorizer, CCONF, AUTH_CONTEXT);
            defaultPrivilegesFetcherProxyService.startAndWait();
            try {
                DefaultAuthorizationEnforcementService defaultAuthorizationEnforcementService = new DefaultAuthorizationEnforcementService(authorizer, CCONF, AUTH_CONTEXT);
                defaultAuthorizationEnforcementService.startAndWait();
                int size = defaultPrivilegesFetcherProxyService.getCache().size();
                Assert.assertEquals(size, defaultAuthorizationEnforcementService.getCache().size());
                try {
                    authorizer.grant(namespaceId, principal, Collections.singleton(Action.ADMIN));
                    authorizer.grant(namespaceId, principal2, Collections.singleton(Action.WRITE));
                    defaultPrivilegesFetcherProxyService.listPrivileges(principal);
                    defaultAuthorizationEnforcementService.createFilter(principal);
                    defaultPrivilegesFetcherProxyService.listPrivileges(principal2);
                    defaultAuthorizationEnforcementService.createFilter(principal2);
                    Assert.assertEquals(size + 2, defaultPrivilegesFetcherProxyService.getCache().size());
                    Assert.assertEquals(size + 2, defaultAuthorizationEnforcementService.getCache().size());
                    authorizer.createRole(role);
                    authorizer.addRoleToPrincipal(role, principal);
                    authorizer.addRoleToPrincipal(role, principal2);
                    authorizer.grant(namespaceId, role, Collections.singleton(Action.READ));
                    new DefaultPrivilegesManager(authorizerInstantiator, defaultAuthorizationEnforcementService, defaultPrivilegesFetcherProxyService).grant(namespaceId, role, Collections.singleton(Action.ADMIN));
                    Assert.assertEquals(size, defaultPrivilegesFetcherProxyService.getCache().size());
                    Assert.assertEquals(size, defaultAuthorizationEnforcementService.getCache().size());
                    defaultAuthorizationEnforcementService.stopAndWait();
                    defaultPrivilegesFetcherProxyService.stopAndWait();
                    if (authorizerInstantiator != null) {
                        if (0 == 0) {
                            authorizerInstantiator.close();
                            return;
                        }
                        try {
                            authorizerInstantiator.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                } catch (Throwable th3) {
                    defaultAuthorizationEnforcementService.stopAndWait();
                    throw th3;
                }
            } catch (Throwable th4) {
                defaultPrivilegesFetcherProxyService.stopAndWait();
                throw th4;
            }
        } catch (Throwable th5) {
            if (authorizerInstantiator != null) {
                if (0 != 0) {
                    try {
                        authorizerInstantiator.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    authorizerInstantiator.close();
                }
            }
            throw th5;
        }
    }
}
