package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.AccessPolicy;
import io.confluent.security.rbac.Role;
import io.confluent.testing.TestIndependenceUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.utils.Utils;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.MdsTestUtil;
import utils.V2RolesUtil;

@Test
/* loaded from: input_file:parity/coop/V2CloudAuthorizeTest.class */
public class V2CloudAuthorizeTest extends ParityTestBase {
    List<Role> allRoles;
    private final Map<String, V2RbacRestApi> retrofitClients = new HashMap();
    private final String U_FSA = ParitySuite.U_FLOW_SERVICE_ADMIN;
    private final String U_O1 = TestIndependenceUtil.uniquify("org-admin-user");
    private final String U_O1_E1 = TestIndependenceUtil.uniquify("env1-admin");
    private final String U_O1_E1_C1 = TestIndependenceUtil.uniquify("env1-cluster1-admin");
    private final String U_O1_NO_ROLE = TestIndependenceUtil.uniquify("no-role-user");
    private final String U_O1_sibling = TestIndependenceUtil.uniquify("org-admin-user-sibling");
    private final String U_O1_E1_sibling = TestIndependenceUtil.uniquify("env1-admin-sibling");
    private final String U_O1_E1_C1_sibling = TestIndependenceUtil.uniquify("env1-cluster1-admin-sibling");
    private final String U_O1_MV = TestIndependenceUtil.uniquify("org-metrics-viewer");
    private final String U_O1_E1_C1_RO = TestIndependenceUtil.uniquify("env1-cluster1-resource-owner");
    private final String U_O1_E1_C1_T1_RO = TestIndependenceUtil.uniquify("env1-cluster1-topic1-resource-owner");
    private final String U_O1_E1_C1_T1_DR = TestIndependenceUtil.uniquify("env1-cluster1-topic1-developer-read");
    private final String U_O1_E1_C1_T1_DW = TestIndependenceUtil.uniquify("env1-cluster1-topic1-developer-write");
    private final String U_O1_E1_C1_T1_DM = TestIndependenceUtil.uniquify("env1-cluster1-topic1-developer-manage");
    private final String U_O1_E1_C1_G1_RO = TestIndependenceUtil.uniquify("env1-cluster1-group1-resource-owner");
    private final String U_O1_E1_C1_G1_DR = TestIndependenceUtil.uniquify("env1-cluster1-group1-developer-read");
    private final String U_O1_E1_C1_G1_DM = TestIndependenceUtil.uniquify("env1-cluster1-group1-developer-manage");
    private final String U_O1_E1_C1_I1_RO = TestIndependenceUtil.uniquify("env1-cluster1-transactionalid1-resource-owner");
    private final String U_O1_E1_C1_I1_DR = TestIndependenceUtil.uniquify("env1-cluster1-transactionalid1-developer-read");
    private final String U_O1_E1_C1_I1_DW = TestIndependenceUtil.uniquify("env1-cluster1-transactionalid1-developer-write");
    private final String U_O1_E1_C1_I1_DM = TestIndependenceUtil.uniquify("env1-cluster1-transactionalid1-developer-manage");
    private final String U_O1_E1_DD = TestIndependenceUtil.uniquify("org-data-discovery");
    private final String U_O1_E1_DS = TestIndependenceUtil.uniquify("org-data-steward");
    private final String U_O1_E1_DS_sibling = TestIndependenceUtil.uniquify("org-data-steward-sibling");
    private final String ORG_1_NAME = TestIndependenceUtil.uniquify("org1");
    private final String ORG_1_PATH_ELEMENT = "organization=" + this.ORG_1_NAME;
    private final MdsScope S_O1 = MdsScope.of(new Scope.Builder(new String[]{this.ORG_1_PATH_ELEMENT}).build());
    private final MdsScope S_O1_E1 = childScope(this.S_O1, "environment=env1");
    private final MdsScope S_O1_E1_C1 = childScope(this.S_O1_E1, "cloud-cluster=cluster1");
    private final MdsScope S_O1_E1_C1_Kafka = MdsScope.of(new Scope(this.S_O1_E1_C1.scope().path(), Utils.mkMap(new Map.Entry[]{Utils.mkEntry("kafka-cluster", "cluster1")})));
    private final String ORG_2_NAME = TestIndependenceUtil.uniquify("org2");
    private final String ORG_2_PATH_ELEMENT = "organization=" + this.ORG_2_NAME;
    private final String U_O2 = TestIndependenceUtil.uniquify("org-admin-user");
    private final String U_O2_E1 = TestIndependenceUtil.uniquify("env1-admin");
    private final String U_O2_E1_C1 = TestIndependenceUtil.uniquify("env1-cluster1-admin");
    private final String U_O2_MV = TestIndependenceUtil.uniquify("org-metrics-viewer");
    private final String U_O2_E1_DD = TestIndependenceUtil.uniquify("org-data-discovery");
    private final String U_O2_E1_DS = TestIndependenceUtil.uniquify("org-data-steward");
    private final MdsScope S_O2 = MdsScope.of(new Scope.Builder(new String[]{this.ORG_2_PATH_ELEMENT}).build());
    private final MdsScope S_O2_E1 = childScope(this.S_O2, "environment=env1");
    private final MdsScope S_O2_E1_C1 = childScope(this.S_O2_E1, "cloud-cluster=cluster1");
    Set<String> allDefinedResourceTypes = new TreeSet();
    Set<String> allDefinedOperations = new TreeSet();
    ResourceType ALL_RESOURCE_TYPE = new ResourceType("All");
    Operation ALL_OPERATION = new Operation("All");
    ResourceType CLUSTER_RESOURCE_TYPE = new ResourceType("Cluster");
    ResourceType TOPIC_RESOURCE_TYPE = new ResourceType("Topic");
    ResourceType GROUP_RESOURCE_TYPE = new ResourceType("Group");
    ResourceType TRANSACTIONAL_ID_RESOURCE_TYPE = new ResourceType("TransactionalId");
    Map<String, String> resourceNames = Utils.mkMap(new Map.Entry[]{Utils.mkEntry(this.CLUSTER_RESOURCE_TYPE.name(), "kafka-cluster"), Utils.mkEntry(this.TOPIC_RESOURCE_TYPE.name(), "topic1"), Utils.mkEntry(this.GROUP_RESOURCE_TYPE.name(), "group1"), Utils.mkEntry(this.TRANSACTIONAL_ID_RESOURCE_TYPE.name(), "id1")});

    /* JADX WARN: Multi-variable type inference failed */
    @BeforeClass
    public void setup() throws IOException {
        this.allRoles = new ArrayList();
        this.allRoles.addAll((Collection) this.suClient.getRoles().execute().body());
        this.allRoles.addAll((Collection) this.suClient.getRoles("dataplane").execute().body());
        this.allRoles.addAll((Collection) this.suClient.getRoles("datagovernance").execute().body());
        Iterator<Role> it = this.allRoles.iterator();
        while (it.hasNext()) {
            it.next().flatAccessPolicies().forEach(accessPolicy -> {
                accessPolicy.allowedOperations().forEach(resourceOperations -> {
                    this.allDefinedResourceTypes.add(resourceOperations.resourceType());
                    this.allDefinedOperations.addAll(resourceOperations.operations());
                });
            });
        }
        List asList = Arrays.asList(ParitySuite.U_FLOW_SERVICE_ADMIN, this.U_O1, this.U_O1_E1, this.U_O1_E1_C1, this.U_O1_NO_ROLE, this.U_O2, this.U_O2_E1, this.U_O2_E1_C1, this.U_O1_sibling, this.U_O1_E1_sibling, this.U_O1_E1_C1_sibling, this.U_O1_MV, this.U_O2_MV, this.U_O1_E1_C1_RO, this.U_O1_E1_C1_T1_RO, this.U_O1_E1_C1_T1_DR, this.U_O1_E1_C1_T1_DW, this.U_O1_E1_C1_T1_DM, this.U_O1_E1_C1_G1_RO, this.U_O1_E1_C1_G1_DR, this.U_O1_E1_C1_G1_DM, this.U_O1_E1_C1_I1_RO, this.U_O1_E1_C1_I1_DR, this.U_O1_E1_C1_I1_DW, this.U_O1_E1_C1_I1_DM, this.U_O1_E1_DD, this.U_O2_E1_DD, this.U_O1_E1_DS, this.U_O1_E1_DS_sibling, this.U_O2_E1_DS);
        this.ldapCrud.createUsers(asList);
        asList.forEach(str -> {
            this.retrofitClients.put(str, V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str));
        });
        Object[] objArr = {new Object[]{this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, this.S_O1}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.S_O1_E1_C1}, new Object[]{this.U_O1_sibling, V2RolesUtil.ROLE_ORG_ADMIN, this.S_O1}, new Object[]{this.U_O1_E1_sibling, V2RolesUtil.ROLE_ENV_ADMIN, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_sibling, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.S_O1_E1_C1}, new Object[]{this.U_O2, V2RolesUtil.ROLE_ORG_ADMIN, this.S_O2}, new Object[]{this.U_O2_E1, V2RolesUtil.ROLE_ENV_ADMIN, this.S_O2_E1}, new Object[]{this.U_O2_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.S_O2_E1_C1}, new Object[]{this.U_O1_MV, V2RolesUtil.ROLE_METRICS_VIEWER, this.S_O1}, new Object[]{this.U_O1_E1_DD, "DataDiscovery", this.S_O1_E1}, new Object[]{this.U_O2_E1_DD, "DataDiscovery", this.S_O2_E1}, new Object[]{this.U_O1_E1_DS, "DataSteward", this.S_O1_E1}, new Object[]{this.U_O1_E1_DS_sibling, "DataSteward", this.S_O1_E1}, new Object[]{this.U_O2_E1_DS, "DataSteward", this.S_O2_E1}};
        V2RbacRestApi v2RbacRestApi = this.retrofitClients.get(ParitySuite.U_FLOW_SERVICE_ADMIN);
        for (Object[] objArr2 : objArr) {
            Assert.assertTrue(v2RbacRestApi.addClusterRoleForPrincipal("User:" + ((String) objArr2[0]), (String) objArr2[1], (MdsScope) objArr2[2]).execute().isSuccessful());
        }
        Object[] objArr3 = {new Object[]{this.U_O1_E1_C1_RO, "ResourceOwner", this.S_O1_E1_C1, this.CLUSTER_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_RO, "ResourceOwner", this.S_O1_E1_C1, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_DR, "DeveloperRead", this.S_O1_E1_C1, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_DW, "DeveloperWrite", this.S_O1_E1_C1, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_DM, "DeveloperManage", this.S_O1_E1_C1, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_G1_RO, "ResourceOwner", this.S_O1_E1_C1, this.GROUP_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_G1_DR, "DeveloperRead", this.S_O1_E1_C1, this.GROUP_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_G1_DM, "DeveloperManage", this.S_O1_E1_C1, this.GROUP_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_RO, "ResourceOwner", this.S_O1_E1_C1, this.TRANSACTIONAL_ID_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_DR, "DeveloperRead", this.S_O1_E1_C1, this.TRANSACTIONAL_ID_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_DW, "DeveloperWrite", this.S_O1_E1_C1, this.TRANSACTIONAL_ID_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_DM, "DeveloperManage", this.S_O1_E1_C1, this.TRANSACTIONAL_ID_RESOURCE_TYPE}};
        V2RbacRestApi v2RbacRestApi2 = this.retrofitClients.get(this.U_O1);
        for (Object[] objArr4 : objArr3) {
            String str2 = (String) objArr4[0];
            String str3 = (String) objArr4[1];
            MdsScope mdsScope = this.S_O1_E1_C1_Kafka;
            ResourceType resourceType = (ResourceType) objArr4[3];
            Assert.assertTrue(v2RbacRestApi2.addRoleResourcesForPrincipal("User:" + str2, str3, new ResourcesRequest(mdsScope, Collections.singletonList(new ResourcePattern(resourceType, this.resourceNames.get(resourceType.name()), PatternType.LITERAL)))).execute().isSuccessful());
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] sameOrg_AuthorizeTestData() {
        return new Object[]{new Object[]{this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1_E1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1, null}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1, null}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1, null}, new Object[]{this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1, null}, new Object[]{this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1, null}, new Object[]{this.U_O1_E1_DD, "DataDiscovery", this.U_O1_E1_DD, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1_DD, "DataDiscovery", this.U_O1_E1_DD, this.S_O1_E1, null}, new Object[]{this.U_O1_E1_DD, "DataDiscovery", this.U_O1_E1_DD, this.S_O1, null}, new Object[]{this.U_O1_E1_DS, "DataSteward", this.U_O1_E1_DS, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1_DS, "DataSteward", this.U_O1_E1_DS, this.S_O1_E1, null}, new Object[]{this.U_O1_E1_DS, "DataSteward", this.U_O1_E1_DS, this.S_O1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1, null}, new Object[]{this.U_O1, V2RolesUtil.ROLE_METRICS_VIEWER, this.U_O1_MV, this.S_O1, null}, new Object[]{this.U_O1, "ResourceOwner", this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka, this.CLUSTER_RESOURCE_TYPE}, new Object[]{this.U_O1, "DataDiscovery", this.U_O1_E1_DD, this.S_O1, null}, new Object[]{this.U_O1, "DataSteward", this.U_O1_E1_DS, this.S_O1, null}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1, null}, new Object[]{this.U_O1_E1, "ResourceOwner", this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka, this.CLUSTER_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1, "ResourceOwner", this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka, this.CLUSTER_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1_C1, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1_E1, null}, new Object[]{this.U_O1_sibling, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1, null}, new Object[]{this.U_O1_sibling, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1_E1, null}, new Object[]{this.U_O1_sibling, V2RolesUtil.ROLE_ORG_ADMIN, this.U_O1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1_sibling, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1, null}, new Object[]{this.U_O1_E1_sibling, V2RolesUtil.ROLE_ENV_ADMIN, this.U_O1_E1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_E1_C1_sibling, V2RolesUtil.ROLE_CCLUSTER_ADMIN, this.U_O1_E1_C1, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_MV, V2RolesUtil.ROLE_METRICS_VIEWER, this.U_O1_MV, this.S_O1_E1_C1, null}, new Object[]{this.U_O1_MV, V2RolesUtil.ROLE_METRICS_VIEWER, this.U_O1_MV, this.S_O1_E1, null}, new Object[]{this.U_O1_MV, V2RolesUtil.ROLE_METRICS_VIEWER, this.U_O1_MV, this.S_O1, null}, new Object[]{this.U_O1_E1_C1_RO, "ResourceOwner", this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka, this.CLUSTER_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_RO, "ResourceOwner", this.U_O1_E1_C1_T1_RO, this.S_O1_E1_C1_Kafka, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_DR, "DeveloperRead", this.U_O1_E1_C1_T1_DR, this.S_O1_E1_C1_Kafka, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_DW, "DeveloperWrite", this.U_O1_E1_C1_T1_DW, this.S_O1_E1_C1_Kafka, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_T1_DM, "DeveloperManage", this.U_O1_E1_C1_T1_DM, this.S_O1_E1_C1_Kafka, this.TOPIC_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_G1_RO, "ResourceOwner", this.U_O1_E1_C1_G1_RO, this.S_O1_E1_C1_Kafka, this.GROUP_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_G1_DR, "DeveloperRead", this.U_O1_E1_C1_G1_DR, this.S_O1_E1_C1_Kafka, this.GROUP_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_G1_DM, "DeveloperManage", this.U_O1_E1_C1_G1_DM, this.S_O1_E1_C1_Kafka, this.GROUP_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_RO, "ResourceOwner", this.U_O1_E1_C1_I1_RO, this.S_O1_E1_C1_Kafka, this.TRANSACTIONAL_ID_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_DR, "DeveloperRead", this.U_O1_E1_C1_I1_DR, this.S_O1_E1_C1_Kafka, this.TRANSACTIONAL_ID_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_DW, "DeveloperWrite", this.U_O1_E1_C1_I1_DW, this.S_O1_E1_C1_Kafka, this.TRANSACTIONAL_ID_RESOURCE_TYPE}, new Object[]{this.U_O1_E1_C1_I1_DM, "DeveloperManage", this.U_O1_E1_C1_I1_DM, this.S_O1_E1_C1_Kafka, this.TRANSACTIONAL_ID_RESOURCE_TYPE}};
    }

    @Test(dataProvider = "sameOrg_AuthorizeTestData")
    public void sameOrg_authorizeTests(String str, String str2, String str3, MdsScope mdsScope, ResourceType resourceType) throws IOException {
        Role role = this.allRoles.stream().filter(role2 -> {
            return str2.equals(role2.name());
        }).findAny().get();
        List list = (List) this.allDefinedResourceTypes.stream().flatMap(str4 -> {
            return this.allDefinedOperations.stream().flatMap(str4 -> {
                return this.resourceNames.containsKey(str4) ? Stream.of((Object[]) new Action[]{new Action(mdsScope.scope(), new ResourceType(str4), this.resourceNames.get(str4), new Operation(str4)), new Action(mdsScope.scope(), new ResourceType(str4), "wrongResource", new Operation(str4))}) : Stream.of(new Action(mdsScope.scope(), new ResourceType(str4), "ignoredForNonResourceRoles", new Operation(str4)));
            });
        }).collect(Collectors.toList());
        Response execute = this.retrofitClients.get(str).authorize(new AuthorizeRequest("User:" + str3, list)).execute();
        List list2 = (List) execute.body();
        Assert.assertEquals(execute.code(), 200);
        Assert.assertNotNull(list2);
        Assert.assertFalse(list2.isEmpty());
        Assert.assertEquals(list2.size(), list.size());
        int i = 0;
        for (int i2 = 0; i2 < list.size(); i2++) {
            AuthorizeResult authorizeResult = (AuthorizeResult) list2.get(i2);
            Action action = (Action) list.get(i2);
            ResourceType resourceType2 = action.resourceType();
            String resourceName = action.resourceName();
            Operation operation = action.operation();
            Assert.assertEquals(authorizeResult, computeExpected(role, resourceType, mdsScope.scope(), resourceType2, resourceName, operation), "Auth wrong for " + str2 + " resourceType:" + resourceType2 + " resourceName:" + resourceName + " operation:" + operation);
            if (authorizeResult.equals(AuthorizeResult.ALLOWED)) {
                i++;
            }
        }
        Assert.assertTrue(i > 0, "All roles should have at least one allowed operation.");
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] sameOrg_ResourceOwnerTestData() {
        return new Object[]{new Object[]{this.U_O1_E1_C1_RO, "Cluster", this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, null}, new Object[]{this.U_O1_E1_C1_RO, "Cluster", this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, null}, new Object[]{this.U_O1_E1_C1_RO, "Cluster", this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, null}, new Object[]{this.U_O1_E1_C1_RO, "Cluster", this.U_O1_E1_C1_T1_RO, "ResourceOwner", "Topic"}, new Object[]{this.U_O1_E1_C1_RO, "Cluster", this.U_O1_E1_C1_T1_DR, "DeveloperRead", "Topic"}, new Object[]{this.U_O1_E1_C1_T1_RO, "Topic", this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, null}, new Object[]{this.U_O1_E1_C1_T1_RO, "Topic", this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, null}, new Object[]{this.U_O1_E1_C1_T1_RO, "Topic", this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, null}, new Object[]{this.U_O1_E1_C1_T1_RO, "Topic", this.U_O1_E1_C1_RO, "ResourceOwner", "Cluster"}, new Object[]{this.U_O1_E1_C1_T1_RO, "Topic", this.U_O1_E1_C1_T1_DR, "DeveloperRead", "Topic"}, new Object[]{this.U_O1_E1_C1_G1_RO, "Group", this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, null}, new Object[]{this.U_O1_E1_C1_G1_RO, "Group", this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, null}, new Object[]{this.U_O1_E1_C1_G1_RO, "Group", this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, null}, new Object[]{this.U_O1_E1_C1_G1_RO, "Group", this.U_O1_E1_C1_RO, "ResourceOwner", "Cluster"}, new Object[]{this.U_O1_E1_C1_G1_RO, "Group", this.U_O1_E1_C1_T1_DR, "DeveloperRead", "Topic"}, new Object[]{this.U_O1_E1_C1_I1_RO, "TransactionalId", this.U_O1, V2RolesUtil.ROLE_ORG_ADMIN, null}, new Object[]{this.U_O1_E1_C1_I1_RO, "TransactionalId", this.U_O1_E1, V2RolesUtil.ROLE_ENV_ADMIN, null}, new Object[]{this.U_O1_E1_C1_I1_RO, "TransactionalId", this.U_O1_E1_C1, V2RolesUtil.ROLE_CCLUSTER_ADMIN, null}, new Object[]{this.U_O1_E1_C1_I1_RO, "TransactionalId", this.U_O1_E1_C1_RO, "ResourceOwner", "Cluster"}, new Object[]{this.U_O1_E1_C1_I1_RO, "TransactionalId", this.U_O1_E1_C1_T1_DR, "DeveloperRead", "Topic"}};
    }

    @Test(dataProvider = "sameOrg_ResourceOwnerTestData")
    public void sameOrg_ResourceOwnerTest(String str, String str2, String str3, String str4, String str5) throws IOException {
        MdsScope mdsScope = this.S_O1_E1_C1_Kafka;
        Role role = this.allRoles.stream().filter(role2 -> {
            return str4.equals(role2.name());
        }).findAny().get();
        List list = (List) this.allDefinedOperations.stream().map(str6 -> {
            return new Action(mdsScope.scope(), new ResourceType(str2), this.resourceNames.get(str2), new Operation(str6));
        }).collect(Collectors.toList());
        Response execute = this.retrofitClients.get(str).authorize(new AuthorizeRequest("User:" + str3, list)).execute();
        List list2 = (List) execute.body();
        Assert.assertEquals(execute.code(), 200);
        Assert.assertNotNull(list2);
        Assert.assertFalse(list2.isEmpty());
        Assert.assertEquals(list2.size(), list.size());
        for (int i = 0; i < list.size(); i++) {
            AuthorizeResult authorizeResult = (AuthorizeResult) list2.get(i);
            Action action = (Action) list.get(i);
            ResourceType resourceType = action.resourceType();
            String resourceName = action.resourceName();
            Operation operation = action.operation();
            Assert.assertEquals(authorizeResult, computeExpected(role, new ResourceType(str5), mdsScope.scope(), resourceType, resourceName, operation), "Auth wrong for " + str4 + " resourceType:" + resourceType + " resourceName:" + resourceName + " operation:" + operation);
        }
    }

    private AuthorizeResult computeExpected(Role role, ResourceType resourceType, Scope scope, ResourceType resourceType2, String str, Operation operation) {
        HashSet hashSet = new HashSet();
        hashSet.addAll((Collection) scope.path().stream().map(str2 -> {
            return str2.substring(0, str2.indexOf("="));
        }).collect(Collectors.toSet()));
        if (!scope.clusters().isEmpty()) {
            hashSet.add("cluster");
        }
        HashSet hashSet2 = new HashSet();
        hashSet2.add(operation);
        hashSet2.add(this.ALL_OPERATION);
        if ("Describe".equals(operation.toString())) {
            hashSet2.add(new Operation("Read"));
            hashSet2.add(new Operation("Write"));
            hashSet2.add(new Operation("Delete"));
            hashSet2.add(new Operation("Alter"));
        } else if ("DescribeConfigs".equals(operation.toString())) {
            hashSet2.add(new Operation("AlterConfigs"));
        }
        for (Map.Entry entry : role.accessPolicies().entrySet()) {
            String str3 = (String) entry.getKey();
            for (AccessPolicy accessPolicy : (Collection) entry.getValue()) {
                if (hashSet.contains(str3) && (!accessPolicy.bindWithResource() || (resourceType2.equals(resourceType) && str.equals(this.resourceNames.get(resourceType2.name()))))) {
                    Collection allowedOperations = accessPolicy.allowedOperations(resourceType2);
                    if (allowedOperations != null && !Collections.disjoint(allowedOperations, hashSet2)) {
                        return AuthorizeResult.ALLOWED;
                    }
                    Collection allowedOperations2 = accessPolicy.allowedOperations(this.ALL_RESOURCE_TYPE);
                    if (allowedOperations != null && !Collections.disjoint(allowedOperations2, hashSet2)) {
                        return AuthorizeResult.ALLOWED;
                    }
                }
            }
        }
        return AuthorizeResult.DENIED;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] authorize_allDeniedCalls() {
        return new Object[]{new Object[]{this.U_O1_NO_ROLE, this.U_O1_NO_ROLE, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_NO_ROLE, this.U_O1_NO_ROLE, this.S_O1_E1_C1}, new Object[]{this.U_O1_NO_ROLE, this.U_O1_NO_ROLE, this.S_O1_E1}, new Object[]{this.U_O1_NO_ROLE, this.U_O1_NO_ROLE, this.S_O1}, new Object[]{this.U_O2, this.U_O2, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O2, this.U_O2, this.S_O1_E1_C1}, new Object[]{this.U_O2, this.U_O2, this.S_O1_E1}, new Object[]{this.U_O2, this.U_O2, this.S_O1}, new Object[]{this.U_O2_E1_C1, this.U_O2_E1_C1, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O2_E1_C1, this.U_O2_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O2_E1_C1, this.U_O2_E1_C1, this.S_O1_E1}, new Object[]{this.U_O2_E1_C1, this.U_O2_E1_C1, this.S_O1}, new Object[]{this.U_O2_MV, this.U_O2_MV, this.S_O1}, new Object[]{this.U_O2_E1_DD, this.U_O2_E1_DD, this.S_O1}, new Object[]{this.U_O2_E1_DS, this.U_O2_E1_DS, this.S_O1}, new Object[]{this.U_O1, this.U_O2, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1, this.U_O2, this.S_O1_E1_C1}, new Object[]{this.U_O1, this.U_O2, this.S_O1_E1}, new Object[]{this.U_O1, this.U_O2, this.S_O1}, new Object[]{this.U_O1, this.U_O2_E1_C1, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1, this.U_O2_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1, this.U_O2_E1_C1, this.S_O1_E1}, new Object[]{this.U_O1, this.U_O2_E1_C1, this.S_O1}, new Object[]{this.U_O1, this.U_O2_MV, this.S_O1}, new Object[]{this.U_O1, this.U_O2_E1_DD, this.S_O1}, new Object[]{this.U_O1, this.U_O2_E1_DS, this.S_O1}};
    }

    @Test(dataProvider = "authorize_allDeniedCalls")
    public void authorize_allDeniedTests(String str, String str2, MdsScope mdsScope) throws IOException {
        List list = (List) this.allDefinedResourceTypes.stream().flatMap(str3 -> {
            return this.allDefinedOperations.stream().map(str3 -> {
                return new Action(mdsScope.scope(), new ResourceType(str3), this.resourceNames.getOrDefault(str3, "ignoredForNonResourceRoles"), new Operation(str3));
            });
        }).collect(Collectors.toList());
        List list2 = (List) this.retrofitClients.get(str).authorize(new AuthorizeRequest("User:" + str2, list)).execute().body();
        Assert.assertNotNull(list2);
        Assert.assertEquals(list2.size(), list.size());
        list2.forEach(authorizeResult -> {
            Assert.assertEquals(authorizeResult, AuthorizeResult.DENIED, "All authorize actions should be DENIED.");
        });
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] forbiddenCalls() {
        return new Object[]{new Object[]{this.U_O1_NO_ROLE, this.U_O1, this.S_O1_E1_C1}, new Object[]{this.U_O1_NO_ROLE, this.U_O1, this.S_O1_E1}, new Object[]{this.U_O1_NO_ROLE, this.U_O1, this.S_O1}, new Object[]{this.U_O2, this.U_O1, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O2, this.U_O1, this.S_O1_E1_C1}, new Object[]{this.U_O2, this.U_O1, this.S_O1_E1}, new Object[]{this.U_O2, this.U_O1, this.S_O1}, new Object[]{this.U_O2_E1_C1, this.U_O1_E1_C1, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O2_E1_C1, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O2_E1_C1, this.U_O1_E1_C1, this.S_O1_E1}, new Object[]{this.U_O2_E1_C1, this.U_O1_E1_C1, this.S_O1}, new Object[]{this.U_O2_E1_DD, this.U_O1_E1_DD, this.S_O1}, new Object[]{this.U_O2_E1_DS, this.U_O1_E1_DS, this.S_O1}, new Object[]{this.U_O1_E1_C1, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1, this.U_O1_E1, this.S_O1}, new Object[]{this.U_O1_E1_C1, this.U_O1_MV, this.S_O1}, new Object[]{this.U_O1_E1_C1, this.U_O1_E1_DD, this.S_O1}, new Object[]{this.U_O1_E1, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1, this.U_O1_MV, this.S_O1}, new Object[]{this.U_O1_E1_C1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_RO, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_RO, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_RO, this.U_O1_E1_C1_T1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_T1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_T1_RO, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_T1_RO, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_T1_RO, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_T1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_T1_DR, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_T1_DR, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_T1_DR, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_T1_DW, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_T1_DW, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_T1_DW, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_T1_DW, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_G1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_G1_RO, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_G1_RO, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_G1_RO, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_G1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_G1_DR, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_G1_DR, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_G1_DR, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_I1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_I1_RO, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_I1_RO, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_I1_RO, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_I1_RO, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_I1_DR, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_I1_DR, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_I1_DR, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1_C1_I1_DW, this.U_O1, this.S_O1}, new Object[]{this.U_O1_E1_C1_I1_DW, this.U_O1_E1, this.S_O1_E1}, new Object[]{this.U_O1_E1_C1_I1_DW, this.U_O1_E1_C1, this.S_O1_E1_C1}, new Object[]{this.U_O1_E1_C1_I1_DW, this.U_O1_E1_C1_RO, this.S_O1_E1_C1_Kafka}, new Object[]{this.U_O1_E1, this.U_O1_E1_DD, this.S_O1}, new Object[]{this.U_O1_E1, this.U_O1_E1_DS, this.S_O1}};
    }

    @Test(dataProvider = "forbiddenCalls")
    public void forbidden_AuthorizeTests(String str, String str2, MdsScope mdsScope) throws IOException {
        Response execute = this.retrofitClients.get(str).authorize(new AuthorizeRequest("User:" + str2, (List) this.allDefinedResourceTypes.stream().flatMap(str3 -> {
            return this.allDefinedOperations.stream().map(str3 -> {
                return new Action(mdsScope.scope(), new ResourceType(str3), this.resourceNames.getOrDefault(str3, "ignoredForNonResourceRoles"), new Operation(str3));
            });
        }).collect(Collectors.toList()))).execute();
        Assert.assertFalse(execute.isSuccessful());
        Assert.assertEquals(execute.code(), 403);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public Object[][] invalidAuthorizeData() {
        return new Object[]{new Object[]{this.S_O1_E1_C1, "RandoResourceType", "Describe", "Invalid resource type"}, new Object[]{this.S_O1_E1, "RandoResourceType", "Describe", "Invalid resource type"}, new Object[]{this.S_O1, "RandoResourceType", "Describe", "Invalid resource type"}, new Object[]{this.S_O1_E1_C1, "Topic", "RandoOperation", "Invalid operation"}, new Object[]{this.S_O1_E1, "Topic", "RandoOperation", "Invalid operation"}, new Object[]{this.S_O1, "Topic", "RandoOperation", "Invalid operation"}};
    }

    @Test(dataProvider = "invalidAuthorizeData")
    public void invalidAuthorizeFailureTests(MdsScope mdsScope, String str, String str2, String str3) throws IOException {
        Response execute = this.retrofitClients.get(this.U_O1).authorize(new AuthorizeRequest("User:" + this.U_O1, Collections.singletonList(new Action(mdsScope.scope(), new ResourceType(str), this.resourceNames.getOrDefault(str, "ignoredForNonResourceRoles"), new Operation(str2))))).execute();
        Assert.assertFalse(execute.isSuccessful());
        Assert.assertEquals(execute.code(), 400);
        Assert.assertTrue(execute.errorBody().string().contains(str3), "Error message should contain:" + str3);
    }
}
