package org.apache.druid.tests.security;

import java.util.List;
import java.util.Properties;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.java.util.http.client.CredentialedHttpClient;
import org.apache.druid.java.util.http.client.HttpClient;
import org.apache.druid.java.util.http.client.auth.BasicCredentials;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate;
import org.apache.druid.server.security.ResourceAction;
import org.apache.druid.testing.guice.DruidTestModuleFactory;
import org.apache.druid.testing.utils.HttpUtil;
import org.apache.druid.testing.utils.ITRetryUtil;
import org.apache.druid.tests.TestNGGroup;
import org.apache.druid.tests.security.AbstractAuthConfigurationTest;
import org.jboss.netty.handler.codec.http.HttpMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Guice;
import org.testng.annotations.Test;

@Guice(moduleFactory = DruidTestModuleFactory.class)
@Test(groups = {TestNGGroup.SECURITY})
/* loaded from: input_file:org/apache/druid/tests/security/ITBasicAuthConfigurationTest.class */
public class ITBasicAuthConfigurationTest extends AbstractAuthConfigurationTest {
    private static final Logger LOG = new Logger(ITBasicAuthConfigurationTest.class);
    private static final String BASIC_AUTHENTICATOR = "basic";
    private static final String BASIC_AUTHORIZER = "basic";
    private static final String EXPECTED_AVATICA_AUTH_ERROR = "Error while executing SQL \"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\": Remote driver error: User metadata store authentication failed.";
    private static final String EXPECTED_AVATICA_AUTHZ_ERROR = "Error while executing SQL \"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\": Remote driver error: Unauthorized";
    private HttpClient druid99;

    @BeforeClass
    public void before() throws Exception {
        ITRetryUtil.retryUntilTrue(() -> {
            return Boolean.valueOf(this.coordinatorClient.areSegmentsLoaded("auth_test"));
        }, "auth_test segment load");
        setupHttpClientsAndUsers();
        setExpectedSystemSchemaObjects();
    }

    @Test
    public void test_druid99User_hasNodeAccess() {
        checkNodeAccess(this.druid99);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceOnlyUser() throws Exception {
        createUserAndRoleWithPermissions(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), "datasourceOnlyUser", "helloworld", "datasourceOnlyRole", DATASOURCE_ONLY_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceAndContextParamsUser() throws Exception {
        createUserAndRoleWithPermissions(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), "datasourceAndContextParamsUser", "helloworld", "datasourceAndContextParamsRole", DATASOURCE_QUERY_CONTEXT_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceAndSysTableUser() throws Exception {
        createUserAndRoleWithPermissions(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), "datasourceAndSysUser", "helloworld", "datasourceAndSysRole", DATASOURCE_SYS_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceAndSysAndStateUser() throws Exception {
        createUserAndRoleWithPermissions(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), "datasourceWithStateUser", "helloworld", "datasourceWithStateRole", DATASOURCE_SYS_STATE_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupSysTableAndStateOnlyUser() throws Exception {
        createUserAndRoleWithPermissions(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), "stateOnlyUser", "helloworld", "stateOnlyRole", STATE_ONLY_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupTestSpecificHttpClients() throws Exception {
        createUserAndRoleWithPermissions(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), "druid", "helloworld", "druidrole", STATE_ONLY_PERMISSIONS);
        for (int i = 0; i < 100; i++) {
            HttpUtil.makeRequest(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), HttpMethod.POST, this.config.getCoordinatorUrl() + "/druid-ext/basic-security/authentication/db/basic/users/druid" + i, (byte[]) null);
            HttpUtil.makeRequest(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), HttpMethod.POST, this.config.getCoordinatorUrl() + "/druid-ext/basic-security/authorization/db/basic/users/druid" + i, (byte[]) null);
            LOG.info("Finished creating user druid" + i, new Object[0]);
        }
        HttpUtil.makeRequest(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), HttpMethod.POST, this.config.getCoordinatorUrl() + "/druid-ext/basic-security/authentication/db/basic/users/druid99/credentials", this.jsonMapper.writeValueAsBytes(new BasicAuthenticatorCredentialUpdate("helloworld", 5000)));
        HttpUtil.makeRequest(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), HttpMethod.POST, this.config.getCoordinatorUrl() + "/druid-ext/basic-security/authorization/db/basic/users/druid99/roles/druidrole", (byte[]) null);
        this.druid99 = new CredentialedHttpClient(new BasicCredentials("druid99", "helloworld"), this.httpClient);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getAuthenticatorName() {
        return "basic";
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getAuthorizerName() {
        return "basic";
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getExpectedAvaticaAuthError() {
        return EXPECTED_AVATICA_AUTH_ERROR;
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getExpectedAvaticaAuthzError() {
        return EXPECTED_AVATICA_AUTHZ_ERROR;
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected Properties getAvaticaConnectionPropertiesForInvalidAdmin() {
        Properties properties = new Properties();
        properties.setProperty("user", "admin");
        properties.setProperty("password", "invalid_password");
        return properties;
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected Properties getAvaticaConnectionPropertiesForUser(AbstractAuthConfigurationTest.User user) {
        Properties properties = new Properties();
        properties.setProperty("user", user.getName());
        properties.setProperty("password", user.getPassword());
        return properties;
    }

    private void createUserAndRoleWithPermissions(HttpClient httpClient, String str, String str2, String str3, List<ResourceAction> list) throws Exception {
        HttpUtil.makeRequest(httpClient, HttpMethod.POST, StringUtils.format("%s/druid-ext/basic-security/authentication/db/basic/users/%s", new Object[]{this.config.getCoordinatorUrl(), str}), (byte[]) null);
        HttpUtil.makeRequest(httpClient, HttpMethod.POST, StringUtils.format("%s/druid-ext/basic-security/authentication/db/basic/users/%s/credentials", new Object[]{this.config.getCoordinatorUrl(), str}), this.jsonMapper.writeValueAsBytes(new BasicAuthenticatorCredentialUpdate(str2, 5000)));
        HttpUtil.makeRequest(httpClient, HttpMethod.POST, StringUtils.format("%s/druid-ext/basic-security/authorization/db/basic/users/%s", new Object[]{this.config.getCoordinatorUrl(), str}), (byte[]) null);
        HttpUtil.makeRequest(httpClient, HttpMethod.POST, StringUtils.format("%s/druid-ext/basic-security/authorization/db/basic/roles/%s", new Object[]{this.config.getCoordinatorUrl(), str3}), (byte[]) null);
        HttpUtil.makeRequest(httpClient, HttpMethod.POST, StringUtils.format("%s/druid-ext/basic-security/authorization/db/basic/users/%s/roles/%s", new Object[]{this.config.getCoordinatorUrl(), str, str3}), (byte[]) null);
        HttpUtil.makeRequest(httpClient, HttpMethod.POST, StringUtils.format("%s/druid-ext/basic-security/authorization/db/basic/roles/%s/permissions", new Object[]{this.config.getCoordinatorUrl(), str3}), this.jsonMapper.writeValueAsBytes(list));
    }
}
