package org.apache.druid.tests.security;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.inject.Inject;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.calcite.avatica.AvaticaSqlException;
import org.apache.druid.common.config.NullHandling;
import org.apache.druid.guice.annotations.Client;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.java.util.common.jackson.JacksonUtils;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.java.util.http.client.CredentialedHttpClient;
import org.apache.druid.java.util.http.client.HttpClient;
import org.apache.druid.java.util.http.client.auth.BasicCredentials;
import org.apache.druid.java.util.http.client.response.StatusResponseHolder;
import org.apache.druid.testing.IntegrationTestingConfig;
import org.apache.druid.testing.clients.CoordinatorResourceTestClient;
import org.apache.druid.testing.utils.HttpUtil;
import org.apache.druid.testing.utils.TestQueryHelper;
import org.apache.druid.tests.TestNGGroup;
import org.apache.druid.tests.indexer.AbstractIndexerTest;
import org.jboss.netty.handler.codec.http.HttpMethod;
import org.jboss.netty.handler.codec.http.HttpResponseStatus;
import org.testng.Assert;

/* loaded from: input_file:org/apache/druid/tests/security/AbstractAuthConfigurationTest.class */
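/**
 * Shared base for integration tests that exercise authentication and authorization against a
 * running cluster (coordinator, overlord, broker, historical and router).
 *
 * <p>It provides HTTP and Avatica JDBC probes, system-schema query verification, and negative
 * checks: wrong password, an invalid authenticator/authorizer name, and a markup-bearing user
 * name that must not be reflected in the error page.
 *
 * <p>The user names and passwords below are fixture credentials that the cluster under test is
 * expected to be provisioned with. They are test data, not secrets to reuse elsewhere.
 *
 * <p>This is decompiler output. Every method declared {@code public} here was package-private in
 * the original class and was widened by the decompiler.
 */
public abstract class AbstractAuthConfigurationTest {
    private static final Logger LOG = new Logger(AbstractAuthConfigurationTest.class);
    static final TypeReference<List<Map<String, Object>>> SYS_SCHEMA_RESULTS_TYPE_REFERENCE = new TypeReference<List<Map<String, Object>>>() { // from class: org.apache.druid.tests.security.AbstractAuthConfigurationTest.1
    };
    static final String SYSTEM_SCHEMA_SEGMENTS_RESULTS_RESOURCE = "/results/auth_test_sys_schema_segments.json";
    static final String SYSTEM_SCHEMA_SERVER_SEGMENTS_RESULTS_RESOURCE = "/results/auth_test_sys_schema_server_segments.json";
    static final String SYSTEM_SCHEMA_SERVERS_RESULTS_RESOURCE = "/results/auth_test_sys_schema_servers.json";
    static final String SYSTEM_SCHEMA_TASKS_RESULTS_RESOURCE = "/results/auth_test_sys_schema_tasks.json";
    static final String SYS_SCHEMA_SEGMENTS_QUERY = "SELECT * FROM sys.segments WHERE datasource IN ('auth_test')";
    static final String SYS_SCHEMA_SERVERS_QUERY = "SELECT * FROM sys.servers WHERE tier IS NOT NULL";
    static final String SYS_SCHEMA_SERVER_SEGMENTS_QUERY = "SELECT * FROM sys.server_segments WHERE segment_id LIKE 'auth_test%'";
    static final String SYS_SCHEMA_TASKS_QUERY = "SELECT * FROM sys.tasks WHERE datasource IN ('auth_test')";

    // Contains a percent-encoded '/' so the name is not a plain path segment.
    private static final String INVALID_NAME = "invalid%2Fname";

    // Fixture admin account, kept in one place instead of repeated at every call site.
    private static final String ADMIN_USER = "admin";
    private static final String ADMIN_PASSWORD = "priest";

    // Query and row cap shared by the two Avatica (JDBC) probes.
    private static final String AVATICA_PROBE_QUERY = "SELECT * FROM INFORMATION_SCHEMA.COLUMNS";
    private static final int AVATICA_MAX_ROWS = 450;

    private static final String STATUS_PATH = "/status";

    // Expected system-schema rows, populated by setExpectedSystemSchemaObjects().
    List<Map<String, Object>> adminSegments;
    List<Map<String, Object>> adminTasks;
    List<Map<String, Object>> adminServers;
    List<Map<String, Object>> adminServerSegments;

    @Inject
    IntegrationTestingConfig config;

    @Inject
    ObjectMapper jsonMapper;

    // Base client without credentials; the per-user clients below wrap it.
    @Client
    @Inject
    HttpClient httpClient;

    @Inject
    CoordinatorResourceTestClient coordinatorClient;

    // Per-identity clients, created by setupCommonHttpClients().
    HttpClient adminClient;
    HttpClient datasourceOnlyUserClient;
    HttpClient datasourceWithStateUserClient;
    HttpClient stateOnlyUserClient;
    HttpClient internalSystemClient;

    /**
     * Issues {@code GET /status} against every node type with the given client.
     *
     * @param httpClient client whose identity is being checked
     */
    public void checkNodeAccess(HttpClient httpClient) {
        for (String nodeUrl : nodeUrls()) {
            HttpUtil.makeRequest(httpClient, HttpMethod.GET, nodeUrl + STATUS_PATH, (byte[]) null);
        }
    }

    /**
     * Verifies on every node type that the configured authenticator and authorizer report as
     * loaded.
     *
     * @param httpClient client used for the load-status requests
     * @throws Exception if a request or the response parsing fails
     */
    public void checkLoadStatus(HttpClient httpClient) throws Exception {
        for (String nodeUrl : nodeUrls()) {
            checkLoadStatusSingle(httpClient, nodeUrl);
        }
    }

    /**
     * Issues {@code OPTIONS /status} against every node type with the given client.
     *
     * @param httpClient client whose identity is being checked
     */
    void testOptionsRequests(HttpClient httpClient) {
        for (String nodeUrl : nodeUrls()) {
            HttpUtil.makeRequest(httpClient, HttpMethod.OPTIONS, nodeUrl + STATUS_PATH, (byte[]) null);
        }
    }

    /**
     * Requests the coordinator load-queue path with the given client.
     *
     * @param httpClient client used for the request
     */
    public void checkUnsecuredCoordinatorLoadQueuePath(HttpClient httpClient) {
        HttpUtil.makeRequest(httpClient, HttpMethod.GET, this.config.getCoordinatorUrl() + "/druid/coordinator/v1/loadqueue", (byte[]) null);
    }

    /**
     * Connects over Avatica JDBC as the fixture admin and asserts that the probe query returns at
     * least one row.
     *
     * @param str Avatica JDBC URL to connect to
     * @throws RuntimeException wrapping any exception raised while connecting or querying
     */
    public void testAvaticaQuery(String str) {
        // Pass the URL as an argument so it is never interpreted as a format string.
        LOG.info("URL: %s", str);
        // try-with-resources closes the statement and connection even when the query or the
        // assertion fails.
        try (Connection connection = DriverManager.getConnection(str, avaticaProperties(ADMIN_PASSWORD));
             Statement statement = connection.createStatement()) {
            statement.setMaxRows(AVATICA_MAX_ROWS);
            Assert.assertTrue(statement.executeQuery(AVATICA_PROBE_QUERY).next());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Connects over Avatica JDBC with a wrong admin password and asserts that the attempt fails
     * with the error message returned by {@link #getExpectedAvaticaAuthError()}.
     *
     * <p>The test fails if the connection and query succeed.
     *
     * @param str Avatica JDBC URL to connect to
     * @throws Exception if something other than an {@link AvaticaSqlException} is raised
     */
    public void testAvaticaAuthFailure(String str) throws Exception {
        LOG.info("URL: %s", str);
        // Resources are closed even on the unexpected path where authentication succeeds.
        try (Connection connection = DriverManager.getConnection(str, avaticaProperties("wrongpassword"));
             Statement statement = connection.createStatement()) {
            statement.setMaxRows(AVATICA_MAX_ROWS);
            statement.executeQuery(AVATICA_PROBE_QUERY);
            Assert.fail("Test failed, did not get AvaticaSqlException.");
        } catch (AvaticaSqlException e) {
            Assert.assertEquals(e.getErrorMessage(), getExpectedAvaticaAuthError());
        }
    }

    /**
     * Checks the authentication and authorization load-status endpoints of one node.
     *
     * @param httpClient client used for the requests
     * @param str base URL of the node
     * @throws Exception if a request or the response parsing fails
     */
    private void checkLoadStatusSingle(HttpClient httpClient, String str) throws Exception {
        assertLoadStatus(httpClient, str + "/druid-ext/basic-security/authentication/loadStatus", getAuthenticatorName());
        assertLoadStatus(httpClient, str + "/druid-ext/basic-security/authorization/loadStatus", getAuthorizerName());
    }

    /**
     * Fetches a load-status map and asserts that {@code name} is present and {@code true}.
     */
    private void assertLoadStatus(HttpClient httpClient, String loadStatusUrl, String name) throws Exception {
        Map<String, Boolean> status = this.jsonMapper.readValue(
            HttpUtil.makeRequest(httpClient, HttpMethod.GET, loadStatusUrl, (byte[]) null).getContent(),
            JacksonUtils.TYPE_REFERENCE_MAP_STRING_BOOLEAN);
        Boolean loaded = status.get(name);
        Assert.assertNotNull(loaded, "no load status reported for " + name);
        Assert.assertTrue(loaded, "not loaded: " + name);
    }

    /**
     * Posts a SQL query to the broker and checks the response status.
     *
     * @param httpClient client used for the request
     * @param str SQL text
     * @param httpResponseStatus status the response is expected to carry
     * @return the response holder
     * @throws Exception if serialization or the request fails
     */
    StatusResponseHolder makeSQLQueryRequest(HttpClient httpClient, String str, HttpResponseStatus httpResponseStatus) throws Exception {
        // NOTE(review): TestNGGroup.QUERY is used here as the JSON key of the request body. This
        // looks like a decompiler substitution for a string literal; confirm the constant's value.
        byte[] requestBody = this.jsonMapper.writeValueAsBytes(ImmutableMap.of(TestNGGroup.QUERY, str));
        return HttpUtil.makeRequestWithExpectedStatus(httpClient, HttpMethod.POST, this.config.getBrokerUrl() + "/druid/v2/sql", requestBody, httpResponseStatus);
    }

    /**
     * Runs a system-schema query and compares the rows with the expected ones.
     *
     * @param httpClient client used for the request
     * @param str SQL text
     * @param list expected rows
     * @param z when {@code true}, {@code curr_size} is zeroed in the actual rows before comparing
     * @throws Exception if the request or the response parsing fails
     */
    void verifySystemSchemaQueryBase(HttpClient httpClient, String str, List<Map<String, Object>> list, boolean z) throws Exception {
        List<Map<String, Object>> actualRows = this.jsonMapper.readValue(
            makeSQLQueryRequest(httpClient, str, HttpResponseStatus.OK).getContent(),
            SYS_SCHEMA_RESULTS_TYPE_REFERENCE);
        if (z) {
            actualRows = getServersWithoutCurrentSize(actualRows);
        }
        Assert.assertEquals(actualRows, list);
    }

    /**
     * Verifies a system-schema query whose rows are compared as returned.
     *
     * @param httpClient client used for the request
     * @param str SQL text
     * @param list expected rows
     * @throws Exception if the request or the response parsing fails
     */
    public void verifySystemSchemaQuery(HttpClient httpClient, String str, List<Map<String, Object>> list) throws Exception {
        verifySystemSchemaQueryBase(httpClient, str, list, false);
    }

    /**
     * Verifies a system-schema query on servers, ignoring {@code curr_size} in the actual rows.
     *
     * @param httpClient client used for the request
     * @param str SQL text
     * @param list expected rows
     * @throws Exception if the request or the response parsing fails
     */
    public void verifySystemSchemaServerQuery(HttpClient httpClient, String str, List<Map<String, Object>> list) throws Exception {
        verifySystemSchemaQueryBase(httpClient, str, list, true);
    }

    /**
     * Asserts that a system-schema query is rejected with the given status and response body.
     *
     * @param httpClient client used for the request
     * @param str SQL text
     * @param httpResponseStatus expected response status
     * @param str2 expected response body
     * @throws Exception if the request fails
     */
    public void verifySystemSchemaQueryFailure(HttpClient httpClient, String str, HttpResponseStatus httpResponseStatus, String str2) throws Exception {
        StatusResponseHolder response = makeSQLQueryRequest(httpClient, str, httpResponseStatus);
        Assert.assertEquals(response.getStatus(), httpResponseStatus);
        Assert.assertEquals(response.getContent(), str2);
    }

    /**
     * @return the Avatica JDBC URL that targets the broker
     */
    public String getBrokerAvacticaUrl() {
        return "jdbc:avatica:remote:url=" + this.config.getBrokerUrl() + "/druid/v2/sql/avatica/";
    }

    /**
     * @return the Avatica JDBC URL that targets the router
     */
    public String getRouterAvacticaUrl() {
        return "jdbc:avatica:remote:url=" + this.config.getRouterUrl() + "/druid/v2/sql/avatica/";
    }

    /**
     * Runs the OPTIONS checks with a freshly built admin client.
     */
    public void verifyAdminOptionsRequest() {
        testOptionsRequests(newAdminClient());
    }

    /**
     * Asserts that the authentication listener endpoint rejects the invalid name.
     */
    public void verifyAuthenticatioInvalidAuthNameFails() {
        verifyInvalidAuthNameFails(StringUtils.format("%s/druid-ext/basic-security/authentication/listen/%s", this.config.getCoordinatorUrl(), INVALID_NAME));
    }

    /**
     * Asserts that the authorization users listener endpoint rejects the invalid name.
     */
    public void verifyAuthorizationInvalidAuthNameFails() {
        verifyInvalidAuthNameFails(StringUtils.format("%s/druid-ext/basic-security/authorization/listen/users/%s", this.config.getCoordinatorUrl(), INVALID_NAME));
    }

    /**
     * Asserts that the authorization group-mappings listener endpoint rejects the invalid name.
     */
    public void verifyGroupMappingsInvalidAuthNameFails() {
        verifyInvalidAuthNameFails(StringUtils.format("%s/druid-ext/basic-security/authorization/listen/groupMappings/%s", this.config.getCoordinatorUrl(), INVALID_NAME));
    }

    /**
     * Posts a placeholder payload to {@code str} as admin and expects the request to be rejected.
     *
     * @param str listener endpoint URL that ends in the invalid name
     */
    void verifyInvalidAuthNameFails(String str) {
        // The rejection is asserted as 500 INTERNAL_SERVER_ERROR, not a 4xx status.
        HttpUtil.makeRequestWithExpectedStatus(newAdminClient(), HttpMethod.POST, str, "SERIALIZED_DATA".getBytes(StandardCharsets.UTF_8), HttpResponseStatus.INTERNAL_SERVER_ERROR);
    }

    /**
     * Regression check against reflecting the user name into the 401 error page.
     *
     * <p>The request authenticates with a user name made of HTML markup. The response must be
     * 401, must contain the generic "Unauthorized" row, and must not contain the submitted
     * markup verbatim.
     */
    public void verifyMaliciousUser() {
        HttpClient markupUserClient = new CredentialedHttpClient(new BasicCredentials("<script>alert('hello')</script>", "noPass"), this.httpClient);
        String content = HttpUtil.makeRequestWithExpectedStatus(markupUserClient, HttpMethod.GET, this.config.getBrokerUrl() + STATUS_PATH, (byte[]) null, HttpResponseStatus.UNAUTHORIZED).getContent();
        Assert.assertTrue(content.contains("<tr><th>MESSAGE:</th><td>Unauthorized</td></tr>"));
        Assert.assertFalse(content.contains("<script>alert('hello')</script>"));
    }

    /**
     * Builds the common per-identity clients, then the subclass-specific ones.
     *
     * @throws Exception if the subclass setup fails
     */
    public void setupHttpClients() throws Exception {
        setupCommonHttpClients();
        setupTestSpecificHttpClients();
    }

    /**
     * Subclass hook for user setup; what it creates is defined by the implementation.
     */
    abstract void setupUsers() throws Exception;

    /**
     * Creates one credentialed client per fixture identity, each wrapping the injected base
     * client.
     */
    void setupCommonHttpClients() {
        this.adminClient = newAdminClient();
        this.datasourceOnlyUserClient = new CredentialedHttpClient(new BasicCredentials("datasourceOnlyUser", "helloworld"), this.httpClient);
        this.datasourceWithStateUserClient = new CredentialedHttpClient(new BasicCredentials("datasourceWithStateUser", "helloworld"), this.httpClient);
        this.stateOnlyUserClient = new CredentialedHttpClient(new BasicCredentials("stateOnlyUser", "helloworld"), this.httpClient);
        this.internalSystemClient = new CredentialedHttpClient(new BasicCredentials("druid_system", "warlock"), this.httpClient);
    }

    /**
     * Subclass hook for additional clients; called after {@link #setupCommonHttpClients()}.
     */
    abstract void setupTestSpecificHttpClients() throws Exception;

    /**
     * Loads the expected system-schema rows from the classpath result resources.
     *
     * <p>The servers and server-segments resources are templates whose host placeholders are
     * filled from {@link #config}. Expected server rows also get {@code curr_size} zeroed.
     *
     * @throws IOException if a resource cannot be read or parsed
     */
    public void setExpectedSystemSchemaObjects() throws IOException {
        this.adminSegments = this.jsonMapper.readValue(TestQueryHelper.class.getResourceAsStream(SYSTEM_SCHEMA_SEGMENTS_RESULTS_RESOURCE), SYS_SCHEMA_RESULTS_TYPE_REFERENCE);
        this.adminTasks = this.jsonMapper.readValue(TestQueryHelper.class.getResourceAsStream(SYSTEM_SCHEMA_TASKS_RESULTS_RESOURCE), SYS_SCHEMA_RESULTS_TYPE_REFERENCE);

        String serversJson = fillServersTemplate(this.config, AbstractIndexerTest.getResourceAsString(SYSTEM_SCHEMA_SERVERS_RESULTS_RESOURCE));
        List<Map<String, Object>> serverRows = this.jsonMapper.readValue(serversJson, SYS_SCHEMA_RESULTS_TYPE_REFERENCE);
        this.adminServers = getServersWithoutCurrentSize(serverRows);

        String serverSegmentsJson = fillSegementServersTemplate(this.config, AbstractIndexerTest.getResourceAsString(SYSTEM_SCHEMA_SERVER_SEGMENTS_RESULTS_RESOURCE));
        this.adminServerSegments = this.jsonMapper.readValue(serverSegmentsJson, SYS_SCHEMA_RESULTS_TYPE_REFERENCE);
    }

    /**
     * Returns the rows with {@code curr_size} forced to {@code 0}.
     *
     * <p>{@code Lists.transform} yields a lazily evaluated view, so each row is copied when it is
     * accessed and the input maps are left unmodified.
     *
     * @param list rows as returned by the servers query
     * @return a view over copies of the rows with {@code curr_size} set to {@code 0}
     */
    public static List<Map<String, Object>> getServersWithoutCurrentSize(List<Map<String, Object>> list) {
        return Lists.transform(list, row -> {
            Map<String, Object> normalized = new HashMap<>(row);
            normalized.put("curr_size", 0);
            return normalized;
        });
    }

    /**
     * Replaces the {@code %%HISTORICAL%%} placeholder with the historical's internal host.
     *
     * @param integrationTestingConfig source of the host name
     * @param str template text
     * @return the template with the placeholder filled in
     */
    static String fillSegementServersTemplate(IntegrationTestingConfig integrationTestingConfig, String str) {
        return StringUtils.replace(str, "%%HISTORICAL%%", integrationTestingConfig.getHistoricalInternalHost());
    }

    /**
     * Fills {@code %%HISTORICAL%%}, {@code %%BROKER%%} and {@code %%NON_LEADER%%} in that order.
     *
     * <p>{@code %%NON_LEADER%%} becomes the string form of
     * {@code NullHandling.defaultLongValue()}.
     *
     * @param integrationTestingConfig source of the host names
     * @param str template text
     * @return the template with all three placeholders filled in
     */
    static String fillServersTemplate(IntegrationTestingConfig integrationTestingConfig, String str) {
        String filled = StringUtils.replace(str, "%%HISTORICAL%%", integrationTestingConfig.getHistoricalInternalHost());
        filled = StringUtils.replace(filled, "%%BROKER%%", integrationTestingConfig.getBrokerInternalHost());
        return StringUtils.replace(filled, "%%NON_LEADER%%", String.valueOf(NullHandling.defaultLongValue()));
    }

    /**
     * @return the key looked up in the authentication load-status response
     */
    abstract String getAuthenticatorName();

    /**
     * @return the key looked up in the authorization load-status response
     */
    abstract String getAuthorizerName();

    /**
     * @return the error message expected from Avatica when authentication fails
     */
    abstract String getExpectedAvaticaAuthError();

    /**
     * Base URLs of the five node types, in the order the checks visit them.
     */
    private String[] nodeUrls() {
        return new String[] {
            this.config.getCoordinatorUrl(),
            this.config.getOverlordUrl(),
            this.config.getBrokerUrl(),
            this.config.getHistoricalUrl(),
            this.config.getRouterUrl(),
        };
    }

    /**
     * Builds a new admin client on top of the injected base client. It does not depend on
     * {@link #setupCommonHttpClients()} having run.
     */
    private HttpClient newAdminClient() {
        return new CredentialedHttpClient(new BasicCredentials(ADMIN_USER, ADMIN_PASSWORD), this.httpClient);
    }

    /**
     * JDBC connection properties for the fixture admin with the given password.
     */
    private static Properties avaticaProperties(String password) {
        Properties properties = new Properties();
        properties.setProperty("user", ADMIN_USER);
        properties.setProperty("password", password);
        return properties;
    }
}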
