package org.apache.druid.tests.security;

import java.io.IOException;
import java.util.List;
import java.util.Properties;
import org.apache.druid.java.util.common.StringUtils;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.java.util.http.client.CredentialedHttpClient;
import org.apache.druid.java.util.http.client.HttpClient;
import org.apache.druid.java.util.http.client.auth.BasicCredentials;
import org.apache.druid.security.basic.authentication.entity.BasicAuthenticatorCredentialUpdate;
import org.apache.druid.server.security.ResourceAction;
import org.apache.druid.testing.guice.DruidTestModuleFactory;
import org.apache.druid.testing.utils.HttpUtil;
import org.apache.druid.testing.utils.ITRetryUtil;
import org.apache.druid.tests.TestNGGroup;
import org.apache.druid.tests.security.AbstractAuthConfigurationTest;
import org.jboss.netty.handler.codec.http.HttpMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Guice;
import org.testng.annotations.Test;

@Guice(moduleFactory = DruidTestModuleFactory.class)
@Test(groups = {TestNGGroup.SECURITY})
/* loaded from: input_file:org/apache/druid/tests/security/ITBasicAuthConfigurationTest.class */
public class ITBasicAuthConfigurationTest extends AbstractAuthConfigurationTest {
    private static final Logger LOG = new Logger(ITBasicAuthConfigurationTest.class);
    private static final String BASIC_AUTHENTICATOR = "basic";
    private static final String BASIC_AUTHORIZER = "basic";
    private static final String EXPECTED_AVATICA_AUTH_ERROR = "Error while executing SQL \"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\": Remote driver error: Unauthorized";
    private static final String EXPECTED_AVATICA_AUTHZ_ERROR = "Error while executing SQL \"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\": Remote driver error: Unauthorized";
    private HttpClient druid99;

    @BeforeClass
    public void before() throws Exception {
        ITRetryUtil.retryUntilTrue(() -> {
            return Boolean.valueOf(this.coordinatorClient.areSegmentsLoaded("auth_test"));
        }, "auth_test segment load");
        setupHttpClientsAndUsers();
        setExpectedSystemSchemaObjects();
    }

    @Test
    public void test_druid99User_hasNodeAccess() {
        checkNodeAccess(this.druid99);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    public void setupHttpClientsAndUsers() throws Exception {
        super.setupHttpClientsAndUsers();
        try {
            Thread.sleep(10000L);
        } catch (InterruptedException e) {
        }
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceOnlyUser() throws Exception {
        createUserAndRoleWithPermissions("datasourceOnlyUser", "helloworld", "datasourceOnlyRole", DATASOURCE_ONLY_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceAndContextParamsUser() throws Exception {
        createUserAndRoleWithPermissions("datasourceAndContextParamsUser", "helloworld", "datasourceAndContextParamsRole", DATASOURCE_QUERY_CONTEXT_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceAndSysTableUser() throws Exception {
        createUserAndRoleWithPermissions("datasourceAndSysUser", "helloworld", "datasourceAndSysRole", DATASOURCE_SYS_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupDatasourceAndSysAndStateUser() throws Exception {
        createUserAndRoleWithPermissions("datasourceWithStateUser", "helloworld", "datasourceWithStateRole", DATASOURCE_SYS_STATE_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupSysTableAndStateOnlyUser() throws Exception {
        createUserAndRoleWithPermissions("stateOnlyUser", "helloworld", "stateOnlyRole", STATE_ONLY_PERMISSIONS);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected void setupTestSpecificHttpClients() throws Exception {
        createUserAndRoleWithPermissions("druid", "helloworld", "druidrole", STATE_ONLY_PERMISSIONS);
        for (int i = 0; i < 100; i++) {
            String str = "druid" + i;
            postAsAdmin(null, "/authentication/db/basic/users/%s", str);
            postAsAdmin(null, "/authorization/db/basic/users/%s", str);
            LOG.info("Created user[%s]", new Object[]{str});
        }
        postAsAdmin(new BasicAuthenticatorCredentialUpdate("helloworld", 5000), "/authentication/db/basic/users/druid99/credentials", new Object[0]);
        postAsAdmin(null, "/authorization/db/basic/users/druid99/roles/druidrole", new Object[0]);
        this.druid99 = new CredentialedHttpClient(new BasicCredentials("druid99", "helloworld"), this.httpClient);
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getAuthenticatorName() {
        return "basic";
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getAuthorizerName() {
        return "basic";
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getExpectedAvaticaAuthError() {
        return "Error while executing SQL \"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\": Remote driver error: Unauthorized";
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected String getExpectedAvaticaAuthzError() {
        return "Error while executing SQL \"SELECT * FROM INFORMATION_SCHEMA.COLUMNS\": Remote driver error: Unauthorized";
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected Properties getAvaticaConnectionPropertiesForInvalidAdmin() {
        Properties properties = new Properties();
        properties.setProperty("user", "admin");
        properties.setProperty("password", "invalid_password");
        return properties;
    }

    @Override // org.apache.druid.tests.security.AbstractAuthConfigurationTest
    protected Properties getAvaticaConnectionPropertiesForUser(AbstractAuthConfigurationTest.User user) {
        Properties properties = new Properties();
        properties.setProperty("user", user.getName());
        properties.setProperty("password", user.getPassword());
        return properties;
    }

    private void createUserAndRoleWithPermissions(String str, String str2, String str3, List<ResourceAction> list) throws Exception {
        postAsAdmin(null, "/authentication/db/basic/users/%s", str);
        postAsAdmin(new BasicAuthenticatorCredentialUpdate(str2, 5000), "/authentication/db/basic/users/%s/credentials", str);
        postAsAdmin(null, "/authorization/db/basic/users/%s", str);
        postAsAdmin(null, "/authorization/db/basic/roles/%s", str3);
        postAsAdmin(null, "/authorization/db/basic/users/%s/roles/%s", str, str3);
        postAsAdmin(list, "/authorization/db/basic/roles/%s/permissions", str3);
    }

    private void postAsAdmin(Object obj, String str, Object... objArr) throws IOException {
        HttpUtil.makeRequest(getHttpClient(AbstractAuthConfigurationTest.User.ADMIN), HttpMethod.POST, getBaseUrl() + StringUtils.format(str, objArr), obj == null ? null : this.jsonMapper.writeValueAsBytes(obj));
    }

    private String getBaseUrl() {
        return this.config.getCoordinatorUrl() + "/druid-ext/basic-security";
    }
}
