package co.cask.cdap.security.authorization;

import co.cask.cdap.common.FeatureDisabledException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.test.AppJarHelper;
import co.cask.cdap.security.spi.authorization.AuthorizationContext;
import co.cask.cdap.security.spi.authorization.Authorizer;
import co.cask.cdap.security.spi.authorization.NoOpAuthorizer;
import com.google.common.base.Throwables;
import com.google.gson.Gson;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Properties;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import javax.annotation.Nullable;
import org.apache.twill.filesystem.Location;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;

/* loaded from: input_file:co/cask/cdap/security/authorization/AuthorizerInstantiatorTest.class */
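/**
 * Tests for {@link AuthorizerInstantiator}.
 *
 * <p>The cases pin three properties of authorizer loading:
 * <ul>
 *   <li>when the {@code security.enabled} or {@code security.authorization.enabled} key is left
 *       unset, a {@link NoOpAuthorizer} is returned;</li>
 *   <li>an unusable extension jar (missing, a directory, not a jar, no manifest, no Main-Class,
 *       wrong type, failing {@code initialize}) surfaces an {@link InvalidAuthorizerException}
 *       instead of yielding an authorizer;</li>
 *   <li>a valid extension is loaded through its own class loader and receives only the
 *       configuration keys under the extension config prefix.</li>
 * </ul>
 *
 * <p>{@code CCONF}, {@code AUTH_CONTEXT_FACTORY}, {@code TEMPORARY_FOLDER} and
 * {@code locationFactory} are not declared in this class; presumably they are inherited from
 * {@link AuthorizationTestBase}.
 *
 * <p>NOTE(review): the failure tests write the jar path into {@code CCONF} directly, so the value
 * outlives the test that set it. Each of those tests sets the key before use; confirm no other
 * test relies on the key being absent.
 */
public class AuthorizerInstantiatorTest extends AuthorizationTestBase {

    @ClassRule
    public static final TemporaryFolder TEMP_FOLDER = new TemporaryFolder();

    // Configuration keys used by the tests, kept as the literal strings the instantiator reads.
    private static final String EXTENSION_JAR_PATH = "security.authorization.extension.jar.path";
    private static final String EXTENSION_EXTRA_CLASSPATH = "security.authorization.extension.extra.classpath";
    private static final String EXTENSION_CONFIG_PREFIX = "security.authorization.extension.config.";

    /** A class that is deliberately not an {@link Authorizer}; used as a bad Main-Class. */
    private static final class DoesNotImplementAuthorizer {
        private DoesNotImplementAuthorizer() {
        }
    }

    /** An authorizer whose {@code initialize} always throws. */
    public static final class ExceptionInInitialize extends NoOpAuthorizer {
        @Override
        public void initialize(AuthorizationContext authorizationContext) throws Exception {
            throw new IllegalStateException("Testing exception during initialize");
        }
    }

    /** An authorizer that records the extension properties handed to it at initialization. */
    public static final class ValidExternalAuthorizer extends NoOpAuthorizer {
        private Properties properties;

        @Override
        public void initialize(AuthorizationContext authorizationContext) throws Exception {
            this.properties = authorizationContext.getExtensionProperties();
        }

        public Properties getProperties() {
            return this.properties;
        }
    }

    /** Authorization is switched on but {@code security.enabled} is never set: expect a no-op authorizer. */
    @Test
    public void testAuthenticationDisabled() throws IOException {
        CConfiguration cConf = CConfiguration.create();
        cConf.set("local.data.dir", TEMPORARY_FOLDER.newFolder().getAbsolutePath());
        cConf.setBoolean("security.authorization.enabled", true);
        assertDisabled(cConf, FeatureDisabledException.Feature.AUTHENTICATION);
    }

    /** {@code security.enabled} is on but authorization is never enabled: expect a no-op authorizer. */
    @Test
    public void testAuthorizationDisabled() throws IOException {
        CConfiguration cConf = CConfiguration.create();
        cConf.setBoolean("security.enabled", true);
        cConf.set("local.data.dir", TEMPORARY_FOLDER.newFolder().getAbsolutePath());
        assertDisabled(cConf, FeatureDisabledException.Feature.AUTHORIZATION);
    }

    /**
     * Asserts that an instantiator built from {@code cConfiguration} hands out a {@link NoOpAuthorizer}.
     *
     * @param cConfiguration configuration with one of the two security switches left unset
     * @param feature the feature treated as disabled; only used in the failure message
     * @throws IOException if closing the instantiator fails
     */
    private void assertDisabled(CConfiguration cConfiguration, FeatureDisabledException.Feature feature) throws IOException {
        try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(cConfiguration, AUTH_CONTEXT_FACTORY)) {
            Authorizer authorizer = instantiator.get();
            Assert.assertTrue(String.format("When %s is disabled, a %s must be returned, but got %s.", feature.name().toLowerCase(), NoOpAuthorizer.class.getSimpleName(), authorizer.getClass().getName()), authorizer instanceof NoOpAuthorizer);
        }
    }

    /**
     * Builds an instantiator from {@code CCONF}, requests the authorizer and rethrows the root
     * cause of whatever fails, so that {@code @Test(expected = ...)} can match it.
     *
     * <p>The instantiator is closed on the failure path as well. If {@code get()} unexpectedly
     * succeeds, the {@link AssertionError} from {@link Assert#fail} has no cause and is rethrown
     * unchanged.
     *
     * @param failureMessage message reported when instantiation unexpectedly succeeds
     * @throws Throwable the root cause of the instantiation failure
     */
    private void assertInstantiationFails(String failureMessage) throws Throwable {
        try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(CCONF, AUTH_CONTEXT_FACTORY)) {
            instantiator.get();
            Assert.fail(failureMessage);
        } catch (Throwable t) {
            throw Throwables.getRootCause(t);
        }
    }

    @Test(expected = InvalidAuthorizerException.class)
    public void testNonExistingAuthorizerJarPath() throws Throwable {
        CCONF.set(EXTENSION_JAR_PATH, "/path/to/external-test-authorizer.jar");
        assertInstantiationFails("Instantiation of Authorizer should have failed because extension jar does not exist.");
    }

    @Test(expected = InvalidAuthorizerException.class)
    public void testAuthorizerJarPathIsDirectory() throws Throwable {
        CCONF.set(EXTENSION_JAR_PATH, TEMPORARY_FOLDER.newFolder().getPath());
        assertInstantiationFails("Instantiation of Authorizer should have failed because extension jar is a directory");
    }

    @Test(expected = InvalidAuthorizerException.class)
    public void testAuthorizerJarPathIsNotJar() throws Throwable {
        CCONF.set(EXTENSION_JAR_PATH, TEMPORARY_FOLDER.newFile("abc.txt").getPath());
        assertInstantiationFails("Instantiation of Authorizer should have failed because extension jar is not a jar file");
    }

    @Test(expected = InvalidAuthorizerException.class)
    public void testMissingManifest() throws Throwable {
        CCONF.set(EXTENSION_JAR_PATH, createInvalidExternalAuthJar(null).toString());
        assertInstantiationFails("Instantiation of Authorizer should have failed because extension jar does not have a manifest");
    }

    @Test(expected = InvalidAuthorizerException.class)
    public void testMissingAuthorizerClassName() throws Throwable {
        // The manifest exists but carries no Main-Class attribute.
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        CCONF.set(EXTENSION_JAR_PATH, createInvalidExternalAuthJar(manifest).toString());
        assertInstantiationFails("Instantiation of Authorizer should have failed because extension jar's manifest does not define Authorizer class.");
    }

    @Test(expected = InvalidAuthorizerException.class)
    public void testDoesNotImplementAuthorizer() throws Throwable {
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, DoesNotImplementAuthorizer.class.getName());
        CCONF.set(EXTENSION_JAR_PATH, AppJarHelper.createDeploymentJar(locationFactory, DoesNotImplementAuthorizer.class, manifest, new File[0]).toString());
        assertInstantiationFails("Instantiation of Authorizer should have failed because the Authorizer class defined in the extension jar's manifest does not implement " + Authorizer.class.getName());
    }

    /**
     * An authorizer whose {@code initialize} throws must be reported as invalid.
     *
     * <p>This test unwraps one level with {@code getCause()} rather than taking the root cause;
     * the root cause would presumably be the {@link IllegalStateException} thrown by
     * {@link ExceptionInInitialize}, not the expected {@link InvalidAuthorizerException}.
     */
    @Test(expected = InvalidAuthorizerException.class)
    public void testInitializationThrowsException() throws Throwable {
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, ExceptionInInitialize.class.getName());
        CCONF.set(EXTENSION_JAR_PATH, AppJarHelper.createDeploymentJar(locationFactory, ExceptionInInitialize.class, manifest, new File[0]).toString());
        try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(CCONF, AUTH_CONTEXT_FACTORY)) {
            instantiator.get();
            Assert.fail("Instantiation of Authorizer should have failed because the Authorizer class's initialize method throws an exception.");
        } catch (Throwable t) {
            // A throwable without a cause (e.g. the AssertionError from fail) is rethrown as-is;
            // "throw null" would replace it with a NullPointerException and hide the message.
            Throwable cause = t.getCause();
            throw cause != null ? cause : t;
        }
    }

    /**
     * Loads a valid extension with an extra classpath directory and checks that a file in that
     * directory is visible as a resource through the authorizer's class loader.
     */
    @Test
    public void testAuthorizerExtension() throws IOException, ClassNotFoundException {
        Location extensionJar = createValidAuthExtensionJar();
        CConfiguration cConf = CConfiguration.copy(CCONF);
        cConf.set(EXTENSION_JAR_PATH, extensionJar.toString());
        // The parent directory of the new file is what goes on the extra classpath.
        cConf.set(EXTENSION_EXTRA_CLASSPATH, TEMP_FOLDER.newFile("conf-file.xml").getParent());
        try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(cConf, AUTH_CONTEXT_FACTORY)) {
            ClassLoader authorizerClassLoader = instantiator.get().getClass().getClassLoader();
            authorizerClassLoader.loadClass(ValidExternalAuthorizer.class.getName());
            Assert.assertNotNull(authorizerClassLoader.getResource("conf-file.xml"));
        }
    }

    /**
     * Checks instance reuse, class-loader separation and configuration filtering for a valid
     * extension.
     *
     * <p>NOTE(review): despite its name this test never sets the extra-classpath key; that key is
     * exercised by {@link #testAuthorizerExtension()}. The two names read as swapped.
     */
    @Test
    public void testAuthorizerExtensionExtraClasspath() throws IOException, ClassNotFoundException {
        Location extensionJar = createValidAuthExtensionJar();
        CConfiguration cConf = CConfiguration.copy(CCONF);
        cConf.set(EXTENSION_JAR_PATH, extensionJar.toString());
        cConf.set(EXTENSION_CONFIG_PREFIX + "config.path", "/path/config.ini");
        cConf.set(EXTENSION_CONFIG_PREFIX + "service.address", "http://foo.bar.co:5555");
        cConf.set(EXTENSION_CONFIG_PREFIX + "cache.ttl.secs", "500");
        cConf.set(EXTENSION_CONFIG_PREFIX + "cache.max.entries", "50000");
        // Same suffix, but the key does not start with the prefix: it must not reach the extension.
        cConf.set("foo.security.authorization.extension.config.dont.include", "not.prefix.should.not.be.included");
        try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(cConf, AUTH_CONTEXT_FACTORY)) {
            // Repeated calls must return the same authorizer.
            Authorizer first = instantiator.get();
            Assert.assertNotNull(first);
            Authorizer second = instantiator.get();
            Assert.assertNotNull(second);
            Assert.assertEquals(first, second);

            // The parent of the authorizer's class loader resolves the Authorizer interface but must
            // not resolve classes that live only in the extension jar.
            ClassLoader authorizerClassLoader = first.getClass().getClassLoader();
            ClassLoader parent = authorizerClassLoader.getParent();
            parent.loadClass(Authorizer.class.getName());
            try {
                parent.loadClass(ValidExternalAuthorizer.class.getName());
                Assert.fail("Should not be able to load external authorizer classes via the parent classloader of the Authorizer class loader.");
            } catch (ClassNotFoundException expected) {
                // Expected: the extension class is only reachable through the extension class loader.
            }
            authorizerClassLoader.loadClass(ValidExternalAuthorizer.class.getName());

            // The instance is copied through JSON instead of being cast; presumably its class comes
            // from the extension class loader and is not assignable to this test's class.
            Gson gson = new Gson();
            ValidExternalAuthorizer copied = gson.fromJson(gson.toJson(first), ValidExternalAuthorizer.class);
            Properties expectedProperties = new Properties();
            expectedProperties.put("config.path", "/path/config.ini");
            expectedProperties.put("service.address", "http://foo.bar.co:5555");
            expectedProperties.put("cache.ttl.secs", "500");
            expectedProperties.put("cache.max.entries", "50000");
            Assert.assertEquals(expectedProperties, copied.getProperties());
        }
    }

    /**
     * Writes a jar that holds a single empty {@code dummy.class} entry.
     *
     * @param manifest manifest to write into the jar, or {@code null} for a jar without one
     * @return the location of the jar
     * @throws IOException if the jar cannot be written
     */
    private Location createInvalidExternalAuthJar(@Nullable Manifest manifest) throws IOException {
        Location jarLocation = locationFactory.create("external-authorizer").getTempFile(".jar");
        try (OutputStream out = jarLocation.getOutputStream();
             JarOutputStream jarOut = manifest == null ? new JarOutputStream(out) : new JarOutputStream(out, manifest)) {
            jarOut.putNextEntry(new JarEntry("dummy.class"));
            jarOut.closeEntry();
        }
        return jarLocation;
    }

    /**
     * Builds a deployment jar whose manifest names {@link ValidExternalAuthorizer} as Main-Class.
     *
     * @return the location of the jar
     * @throws IOException if the jar cannot be created
     */
    private Location createValidAuthExtensionJar() throws IOException {
        Manifest manifest = new Manifest();
        manifest.getMainAttributes().put(Attributes.Name.MAIN_CLASS, ValidExternalAuthorizer.class.getName());
        return AppJarHelper.createDeploymentJar(locationFactory, ValidExternalAuthorizer.class, manifest, new File[0]);
    }
}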
