package org.apache.druid.indexing.overlord.http.security;

import com.google.common.base.Optional;
import com.sun.jersey.spi.container.ContainerRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import org.apache.druid.indexing.overlord.supervisor.SupervisorManager;
import org.apache.druid.indexing.overlord.supervisor.SupervisorSpec;
import org.apache.druid.server.security.Access;
import org.apache.druid.server.security.Action;
import org.apache.druid.server.security.AuthenticationResult;
import org.apache.druid.server.security.Authorizer;
import org.apache.druid.server.security.AuthorizerMapper;
import org.apache.druid.server.security.ForbiddenException;
import org.apache.druid.server.security.Resource;
import org.easymock.EasyMock;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/druid/indexing/overlord/http/security/SupervisorResourceFilterTest.class */
public class SupervisorResourceFilterTest {
    private AuthorizerMapper authorizerMapper;
    private SupervisorManager supervisorManager;
    private SupervisorResourceFilter resourceFilter;
    private ContainerRequest containerRequest;
    private List<Object> mocksToVerify;

    @Before
    public void setup() {
        this.supervisorManager = (SupervisorManager) EasyMock.createMock(SupervisorManager.class);
        this.authorizerMapper = (AuthorizerMapper) EasyMock.createMock(AuthorizerMapper.class);
        this.resourceFilter = new SupervisorResourceFilter(this.authorizerMapper, this.supervisorManager);
        this.containerRequest = (ContainerRequest) EasyMock.createMock(ContainerRequest.class);
        this.mocksToVerify = new ArrayList();
    }

    @Test
    public void testGetWhenUserHasReadAccess() {
        setExpectations("/druid/indexer/v1/supervisor/datasource1", "GET", "datasource1", Action.READ, true);
        Assert.assertNotNull(this.resourceFilter.filter(this.containerRequest));
        verifyMocks();
    }

    @Test
    public void testGetWhenUserHasNoReadAccess() {
        setExpectations("/druid/indexer/v1/supervisor/datasource1", "GET", "datasource1", Action.READ, false);
        ForbiddenException forbiddenException = null;
        try {
            this.resourceFilter.filter(this.containerRequest);
        } catch (ForbiddenException e) {
            forbiddenException = e;
        }
        Assert.assertNotNull(forbiddenException);
        verifyMocks();
    }

    @Test
    public void testPostWhenUserHasWriteAccess() {
        setExpectations("/druid/indexer/v1/supervisor/datasource1", "POST", "datasource1", Action.WRITE, true);
        Assert.assertNotNull(this.resourceFilter.filter(this.containerRequest));
        verifyMocks();
    }

    @Test
    public void testPostWhenUserHasNoWriteAccess() {
        setExpectations("/druid/indexer/v1/supervisor/datasource1", "POST", "datasource1", Action.WRITE, false);
        ForbiddenException forbiddenException = null;
        try {
            this.resourceFilter.filter(this.containerRequest);
        } catch (ForbiddenException e) {
            forbiddenException = e;
        }
        Assert.assertNotNull(forbiddenException);
        verifyMocks();
    }

    @Test
    public void testSupervisorNotFound() {
        EasyMock.expect(this.containerRequest.getPathSegments()).andReturn(getPathSegments("/druid/indexer/v1/supervisor/not_exist_data_source")).anyTimes();
        EasyMock.expect(this.containerRequest.getMethod()).andReturn("POST").anyTimes();
        EasyMock.expect(((SupervisorSpec) EasyMock.createMock(SupervisorSpec.class)).getDataSources()).andReturn(Collections.singletonList("not_exist_data_source")).anyTimes();
        EasyMock.expect(this.supervisorManager.getSupervisorSpec("not_exist_data_source")).andReturn(Optional.absent()).atLeastOnce();
        EasyMock.replay(new Object[]{this.containerRequest});
        EasyMock.replay(new Object[]{this.supervisorManager});
        WebApplicationException webApplicationException = null;
        try {
            this.resourceFilter.filter(this.containerRequest);
        } catch (WebApplicationException e) {
            webApplicationException = e;
        }
        Assert.assertNotNull(webApplicationException);
        Assert.assertEquals(webApplicationException.getResponse().getStatus(), Response.Status.NOT_FOUND.getStatusCode());
        EasyMock.verify(new Object[]{this.containerRequest});
        EasyMock.verify(new Object[]{this.supervisorManager});
    }

    private void setExpectations(String str, String str2, String str3, Action action, boolean z) {
        EasyMock.expect(this.containerRequest.getPathSegments()).andReturn(getPathSegments(str)).anyTimes();
        EasyMock.expect(this.containerRequest.getMethod()).andReturn(str2).anyTimes();
        SupervisorSpec supervisorSpec = (SupervisorSpec) EasyMock.createMock(SupervisorSpec.class);
        EasyMock.expect(supervisorSpec.getDataSources()).andReturn(Collections.singletonList(str3)).anyTimes();
        EasyMock.expect(this.supervisorManager.getSupervisorSpec(str3)).andReturn(Optional.of(supervisorSpec)).atLeastOnce();
        HttpServletRequest httpServletRequest = (HttpServletRequest) EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(httpServletRequest.getAttribute("Druid-Allow-Unsecured-Path")).andReturn((Object) null).anyTimes();
        EasyMock.expect(httpServletRequest.getAttribute("Druid-Authorization-Checked")).andReturn((Object) null).anyTimes();
        httpServletRequest.setAttribute((String) EasyMock.isA(String.class), EasyMock.anyObject());
        AuthenticationResult authenticationResult = (AuthenticationResult) EasyMock.createMock(AuthenticationResult.class);
        EasyMock.expect(authenticationResult.getAuthorizerName()).andReturn("authorizer").anyTimes();
        Authorizer authorizer = (Authorizer) EasyMock.createMock(Authorizer.class);
        EasyMock.expect(authorizer.authorize(authenticationResult, new Resource(str3, "DATASOURCE"), action)).andReturn(new Access(z)).anyTimes();
        EasyMock.expect(this.authorizerMapper.getAuthorizer("authorizer")).andReturn(authorizer).atLeastOnce();
        EasyMock.expect(httpServletRequest.getAttribute("Druid-Authentication-Result")).andReturn(authenticationResult).atLeastOnce();
        this.resourceFilter.setReq(httpServletRequest);
        this.mocksToVerify = Arrays.asList(this.authorizerMapper, supervisorSpec, this.supervisorManager, httpServletRequest, authorizer, authenticationResult, this.containerRequest);
        replayMocks();
    }

    private void replayMocks() {
        Iterator<Object> it = this.mocksToVerify.iterator();
        while (it.hasNext()) {
            EasyMock.replay(new Object[]{it.next()});
        }
    }

    private void verifyMocks() {
        Iterator<Object> it = this.mocksToVerify.iterator();
        while (it.hasNext()) {
            EasyMock.verify(new Object[]{it.next()});
        }
    }

    private List<PathSegment> getPathSegments(String str) {
        String[] split = str.split("/");
        ArrayList arrayList = new ArrayList();
        for (final String str2 : split) {
            arrayList.add(new PathSegment() { // from class: org.apache.druid.indexing.overlord.http.security.SupervisorResourceFilterTest.1
                public String getPath() {
                    return str2;
                }

                public MultivaluedMap<String, String> getMatrixParameters() {
                    return null;
                }
            });
        }
        return arrayList;
    }
}
