package co.cask.cdap.security.authorization;

import co.cask.cdap.common.security.AuthEnforceRewriter;
import co.cask.cdap.internal.asm.ByteCodeClassLoader;
import co.cask.cdap.internal.asm.ClassDefinition;
import co.cask.cdap.proto.id.EntityId;
import co.cask.cdap.proto.id.InstanceId;
import co.cask.cdap.proto.id.NamespaceId;
import co.cask.cdap.security.auth.context.AuthenticationTestContext;
import co.cask.cdap.security.authorization.DummyAuthEnforce;
import co.cask.cdap.security.authorization.ExceptionAuthorizationEnforcer;
import co.cask.cdap.security.spi.authentication.AuthenticationContext;
import co.cask.cdap.security.spi.authorization.AuthorizationEnforcer;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URL;
import org.junit.Assert;
import org.junit.Test;
import org.objectweb.asm.Type;

/* loaded from: input_file:co/cask/cdap/security/authorization/AuthEnforceRewriterTest.class */
public class AuthEnforceRewriterTest {
    @Test
    public void test() throws Exception {
        ByteCodeClassLoader byteCodeClassLoader = new ByteCodeClassLoader(getClass().getClassLoader());
        byteCodeClassLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceAnnotations.class));
        byteCodeClassLoader.addClass(rewrite(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class));
        byteCodeClassLoader.addClass(rewrite(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class));
        byteCodeClassLoader.addClass(rewrite(DummyAuthEnforce.ClassWithoutAuthEnforce.class));
        byteCodeClassLoader.addClass(rewrite(DummyAuthEnforce.ValidAuthEnforceWithFields.class));
        Class<?> loadClass = byteCodeClassLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceAnnotations.class.getName());
        Object loadRewritten = loadRewritten(byteCodeClassLoader, DummyAuthEnforce.class.getName(), loadClass.getName());
        invokeSetters(loadClass, loadRewritten);
        testRewrite(getMethod(loadClass, "testSingleAction", NamespaceId.class), loadRewritten, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
        testRewrite(getMethod(loadClass, "testMultipleAction", NamespaceId.class), loadRewritten, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
        testRewrite(getMethod(loadClass, "testNoAuthEnforceAnnotation", NamespaceId.class), loadRewritten, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
        testRewrite(getMethod(loadClass, "testMethodWithoutException", NamespaceId.class), loadRewritten, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
        Class<?> loadClass2 = byteCodeClassLoader.loadClass(DummyAuthEnforce.ClassImplementingInterfaceWithAuthAnnotation.class.getName());
        Object loadRewritten2 = loadRewritten(byteCodeClassLoader, DummyAuthEnforce.class.getName(), loadClass2.getName());
        invokeSetters(loadClass2, loadRewritten2);
        testRewrite(getMethod(loadClass2, "interfaceMethodWithAuthEnforce", NamespaceId.class), loadRewritten2, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
        Class<?> loadClass3 = byteCodeClassLoader.loadClass(DummyAuthEnforce.ClassWithoutAuthEnforce.class.getName());
        Object loadRewritten3 = loadRewritten(byteCodeClassLoader, DummyAuthEnforce.class.getName(), loadClass3.getName());
        invokeSetters(loadClass3, loadRewritten3);
        testRewrite(getMethod(loadClass3, "methodWithoutAuthEnforce", NamespaceId.class), loadRewritten3, DummyAuthEnforce.EnforceNotCalledException.class, NamespaceId.DEFAULT);
        Class<?> loadClass4 = byteCodeClassLoader.loadClass(DummyAuthEnforce.AnotherValidAuthEnforceAnnotations.class.getName());
        Object loadRewritten4 = loadRewritten(byteCodeClassLoader, DummyAuthEnforce.class.getName(), loadClass4.getName());
        invokeSetters(loadClass4, loadRewritten4);
        testRewrite(getMethod(loadClass4, "testSomeOtherAction", NamespaceId.class), loadRewritten4, ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
        Class<?> loadClass5 = byteCodeClassLoader.loadClass(DummyAuthEnforce.ValidAuthEnforceWithFields.class.getName());
        Object loadRewritten5 = loadRewritten(byteCodeClassLoader, DummyAuthEnforce.class.getName(), loadClass5.getName());
        invokeSetters(loadClass5, loadRewritten5);
        testRewrite(getMethod(loadClass5, "testNoParameters", new Class[0]), loadRewritten5, ExceptionAuthorizationEnforcer.ExpectedException.class, new Object[0]);
        testRewrite(getMethod(loadClass5, "testParaNameSameAsField", NamespaceId.class), loadRewritten5, new NamespaceId("ns"), ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
        testRewrite(getMethod(loadClass5, "testParaPreference", InstanceId.class), loadRewritten5, new InstanceId("i1"), ExceptionAuthorizationEnforcer.ExpectedException.class, new InstanceId("i1"));
        testRewrite(getMethod(loadClass5, "testThisClassPreference", NamespaceId.class), loadRewritten5, new NamespaceId("ns"), ExceptionAuthorizationEnforcer.ExpectedException.class, NamespaceId.DEFAULT);
    }

    @Test
    public void testInvalidEntity() throws Exception {
        testInvalidEntityHelper(DummyAuthEnforce.AbsentEntityName.class);
        testInvalidEntityHelper(DummyAuthEnforce.InvalidEntityName.class);
        testInvalidEntityHelper(DummyAuthEnforce.DuplicateEntityName.class);
    }

    private void testInvalidEntityHelper(Class cls) throws Exception {
        try {
            rewrite(cls);
            Assert.fail("An IllegalArgumentException should have been thrown earlier.");
        } catch (IllegalArgumentException e) {
        }
    }

    private Method getMethod(Class<?> cls, String str, Class<?>... clsArr) throws NoSuchMethodException {
        return cls.getDeclaredMethod(str, clsArr);
    }

    private void testRewrite(Method method, Object obj, EntityId entityId, Class<? extends Exception> cls, Object... objArr) throws NoSuchMethodException {
        try {
            method.invoke(obj, objArr);
        } catch (Exception e) {
            if (!(e instanceof InvocationTargetException) || !cls.isAssignableFrom(e.getCause().getClass())) {
                Assert.fail(String.format("Got exception %s while expecting %s%s%s", e.getCause(), ExceptionAuthorizationEnforcer.ExpectedException.class.getName(), System.lineSeparator(), getFormattedStackTrace(e.getStackTrace())));
            }
            if (entityId != null) {
                if (!ExceptionAuthorizationEnforcer.ExpectedException.class.isAssignableFrom(e.getCause().getClass())) {
                    Assert.fail(String.format("Exception %s is not assignable from %s to match entity %s", e.getCause(), ExceptionAuthorizationEnforcer.ExpectedException.class.getName(), entityId));
                }
                ExceptionAuthorizationEnforcer.ExpectedException expectedException = (ExceptionAuthorizationEnforcer.ExpectedException) e.getCause();
                if (expectedException.getEntityId().equals(entityId)) {
                    return;
                }
                Assert.fail(String.format("Expected %s with entity %s but found %s", ExceptionAuthorizationEnforcer.ExpectedException.class.getSimpleName(), entityId, expectedException.getEntityId()));
            }
        }
    }

    private void testRewrite(Method method, Object obj, Class<? extends Exception> cls, Object... objArr) throws NoSuchMethodException {
        testRewrite(method, obj, null, cls, objArr);
    }

    private void invokeSetters(Class<?> cls, Object obj) throws InvocationTargetException, IllegalAccessException {
        for (Method method : cls.getDeclaredMethods()) {
            if (method.getName().startsWith("set_")) {
                method.setAccessible(true);
                if (method.getName().contains(AuthEnforceRewriter.AUTHENTICATION_CONTEXT_FIELD_NAME)) {
                    method.invoke(obj, new AuthenticationTestContext());
                } else {
                    if (!method.getName().contains(AuthEnforceRewriter.AUTHORIZATION_ENFORCER_FIELD_NAME)) {
                        throw new IllegalStateException(String.format("Found an expected setter method with name %s. While trying invoke setter for %s and %s", method.getName(), AuthenticationContext.class.getSimpleName(), AuthorizationEnforcer.class.getSimpleName()));
                    }
                    method.invoke(obj, new ExceptionAuthorizationEnforcer());
                }
            }
        }
    }

    private ClassDefinition rewrite(Class cls) throws Exception {
        AuthEnforceRewriter authEnforceRewriter = new AuthEnforceRewriter();
        URL resource = cls.getClassLoader().getResource(cls.getName().replace('.', '/') + ".class");
        Assert.assertNotNull(resource);
        InputStream openStream = resource.openStream();
        Throwable th = null;
        try {
            ClassDefinition classDefinition = new ClassDefinition(authEnforceRewriter.rewriteClass(cls.getName(), openStream), Type.getInternalName(cls));
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    openStream.close();
                }
            }
            return classDefinition;
        } catch (Throwable th3) {
            if (openStream != null) {
                if (0 != 0) {
                    try {
                        openStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openStream.close();
                }
            }
            throw th3;
        }
    }

    private Object loadRewritten(ClassLoader classLoader, String str, String str2) throws ClassNotFoundException, IllegalAccessException, InstantiationException, NoSuchMethodException, InvocationTargetException {
        Class<?> loadClass = classLoader.loadClass(str);
        return classLoader.loadClass(str2).getDeclaredConstructor(loadClass).newInstance(loadClass.newInstance());
    }

    private String getFormattedStackTrace(StackTraceElement[] stackTraceElementArr) {
        StringBuilder sb = new StringBuilder();
        for (StackTraceElement stackTraceElement : stackTraceElementArr) {
            sb.append(stackTraceElement);
            sb.append(System.lineSeparator());
        }
        return sb.toString();
    }
}
