package org.apache.ignite.internal.processors.security.service;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import java.util.function.Function;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteServices;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.failure.FailureContext;
import org.apache.ignite.failure.FailureHandler;
import org.apache.ignite.internal.IgniteInternalFuture;
import org.apache.ignite.internal.processors.cache.IgniteMarshallerCacheSeparateDirectoryTest;
import org.apache.ignite.internal.processors.security.AbstractSecurityTest;
import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider;
import org.apache.ignite.internal.util.typedef.G;
import org.apache.ignite.internal.util.typedef.X;
import org.apache.ignite.plugin.security.SecurityException;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.services.Service;
import org.apache.ignite.services.ServiceCallContext;
import org.apache.ignite.services.ServiceConfiguration;
import org.apache.ignite.services.ServiceDeploymentException;
import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/ignite/internal/processors/security/service/ServiceAuthorizationTest.class */
public class ServiceAuthorizationTest extends AbstractSecurityTest {
    private static final String TEST_SERVICE_NAME = "test-service-name";
    private static final ServiceCallContext SERVICE_CALL_CTX = ServiceCallContext.builder().put(IgniteMarshallerCacheSeparateDirectoryTest.KEY, "val").build();
    private static final int ALLOWED_NODE_IDX = 1;
    private static final int FORBIDDEN_NODE_IDX = 2;
    private CountDownLatch authErrLatch;

    @Parameterized.Parameter
    public boolean isClient;

    /* loaded from: input_file:org/apache/ignite/internal/processors/security/service/ServiceAuthorizationTest$TestService.class */
    public interface TestService extends Service {
        boolean doWork();
    }

    /* loaded from: input_file:org/apache/ignite/internal/processors/security/service/ServiceAuthorizationTest$TestServiceImpl.class */
    public static class TestServiceImpl implements TestService {
        @Override // org.apache.ignite.internal.processors.security.service.ServiceAuthorizationTest.TestService
        public boolean doWork() {
            return true;
        }
    }

    @Parameterized.Parameters(name = "isClient={0}")
    public static Iterable<Object[]> data() {
        return Arrays.asList(new Object[]{true}, new Object[]{false});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.ignite.testframework.junits.common.GridCommonAbstractTest, org.apache.ignite.testframework.junits.GridAbstractTest
    public void beforeTest() throws Exception {
        super.beforeTest();
        startGridAllowAll(getTestIgniteInstanceName(0));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.ignite.testframework.junits.GridAbstractTest
    public void afterTest() throws Exception {
        super.afterTest();
        stopAllGrids();
    }

    @Test
    public void testServiceCancel() throws Exception {
        startGrid(configuration(1, SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE, SecurityPermission.SERVICE_CANCEL));
        startGrid(configuration(2, SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE));
        checkCancel(igniteServices -> {
            igniteServices.cancel(TEST_SERVICE_NAME);
        });
        checkCancel(igniteServices2 -> {
        });
        checkCancel(igniteServices3 -> {
            igniteServices3.cancelAll(Collections.singleton(TEST_SERVICE_NAME));
        });
        checkCancel(igniteServices4 -> {
        });
        checkCancel((v0) -> {
            v0.cancelAll();
        });
        checkCancel(igniteServices5 -> {
        });
    }

    @Test
    public void testServiceInvoke() throws Exception {
        startGrid(configuration(1, SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE));
        startGrid(configuration(2, SecurityPermission.SERVICE_DEPLOY));
        grid(1).services().deploy(serviceConfiguration());
        if (!this.isClient) {
            checkInvoke(igniteServices -> {
                return igniteServices.service(TEST_SERVICE_NAME);
            }, false);
            checkInvoke(igniteServices2 -> {
                return igniteServices2.services(TEST_SERVICE_NAME);
            }, false);
        }
        checkInvoke(igniteServices3 -> {
            return (TestService) igniteServices3.serviceProxy(TEST_SERVICE_NAME, TestService.class, false);
        }, true);
        checkInvoke(igniteServices4 -> {
            return (TestService) igniteServices4.serviceProxy(TEST_SERVICE_NAME, TestService.class, false, getTestTimeout());
        }, true);
        checkInvoke(igniteServices5 -> {
            return (TestService) igniteServices5.serviceProxy(TEST_SERVICE_NAME, TestService.class, false, SERVICE_CALL_CTX);
        }, true);
        checkInvoke(igniteServices6 -> {
            return (TestService) igniteServices6.serviceProxy(TEST_SERVICE_NAME, TestService.class, false, SERVICE_CALL_CTX, getTestTimeout());
        }, true);
    }

    @Test
    public void testServiceDeploy() throws Exception {
        startGrid(configuration(1, SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE, SecurityPermission.SERVICE_CANCEL));
        startGrid(configuration(2, SecurityPermission.SERVICE_INVOKE));
        checkDeploy(igniteServices -> {
            igniteServices.deploy(serviceConfiguration());
        }, false);
        checkDeploy(igniteServices2 -> {
        }, false);
        checkDeploy(igniteServices3 -> {
            igniteServices3.deployAll(Collections.singleton(serviceConfiguration()));
        }, false);
        checkDeploy(igniteServices4 -> {
        }, false);
        checkDeploy(igniteServices5 -> {
            igniteServices5.deployMultiple(TEST_SERVICE_NAME, new TestServiceImpl(), this.isClient ? 1 : 3, 1);
        }, false);
        checkDeploy(igniteServices6 -> {
        }, false);
        checkDeploy(igniteServices7 -> {
            igniteServices7.deployNodeSingleton(TEST_SERVICE_NAME, new TestServiceImpl());
        }, false);
        checkDeploy(igniteServices8 -> {
        }, false);
        checkDeploy(igniteServices9 -> {
            igniteServices9.deployClusterSingleton(TEST_SERVICE_NAME, new TestServiceImpl());
        }, true);
        checkDeploy(igniteServices10 -> {
        }, true);
        grid(0).createCache("default");
        int intValue = keyForNode(grid(0).affinity("default"), new AtomicInteger(0), grid(0).cluster().localNode()).intValue();
        checkDeploy(igniteServices11 -> {
            igniteServices11.deployKeyAffinitySingleton(TEST_SERVICE_NAME, new TestServiceImpl(), "default", Integer.valueOf(intValue));
        }, true);
        checkDeploy(igniteServices12 -> {
        }, true);
    }

    @Test
    public void testStartServiceDeployment() throws Exception {
        startClientAllowAll(getTestIgniteInstanceName(1));
        GridTestUtils.assertThrowsWithCause((Callable<?>) () -> {
            return startGrid(configuration(2, SecurityPermission.SERVICE_INVOKE).setServiceConfiguration(new ServiceConfiguration[]{serviceConfiguration()}));
        }, (Class<? extends Throwable>) IgniteCheckedException.class);
        checkServiceOnAllNodes(TEST_SERVICE_NAME, false);
        startGrid(configuration(3, SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE).setServiceConfiguration(new ServiceConfiguration[]{serviceConfiguration()}));
        GridTestUtils.waitForCondition(() -> {
            for (Ignite ignite : G.allGrids()) {
                if (!ignite.cluster().localNode().isClient() && ignite.services().service(TEST_SERVICE_NAME) == null) {
                    return false;
                }
            }
            return true;
        }, getTestTimeout());
        if (this.isClient) {
            return;
        }
        stopAllGrids();
        startGrid(configuration(0, SecurityPermission.SERVICE_DEPLOY, SecurityPermission.SERVICE_INVOKE).setServiceConfiguration(new ServiceConfiguration[]{serviceConfiguration()}));
        assertTrue(GridTestUtils.waitForCondition(() -> {
            return grid(0).services().service(TEST_SERVICE_NAME) != null;
        }, getTestTimeout()));
        stopGrid(0);
        this.authErrLatch = new CountDownLatch(1);
        IgniteInternalFuture igniteInternalFuture = null;
        try {
            igniteInternalFuture = GridTestUtils.runAsync(() -> {
                return startGrid(configuration(2, SecurityPermission.SERVICE_INVOKE).setServiceConfiguration(new ServiceConfiguration[]{serviceConfiguration()}));
            });
            assertTrue(this.authErrLatch.await(5L, TimeUnit.SECONDS));
            this.authErrLatch = null;
            if (igniteInternalFuture != null) {
                igniteInternalFuture.cancel();
            }
            checkServiceOnAllNodes(TEST_SERVICE_NAME, false);
        } catch (Throwable th) {
            this.authErrLatch = null;
            if (igniteInternalFuture != null) {
                igniteInternalFuture.cancel();
            }
            throw th;
        }
    }

    private ServiceConfiguration serviceConfiguration() {
        ServiceConfiguration serviceConfiguration = new ServiceConfiguration();
        serviceConfiguration.setMaxPerNodeCount(1);
        serviceConfiguration.setName(TEST_SERVICE_NAME);
        serviceConfiguration.setService(new TestServiceImpl());
        return serviceConfiguration;
    }

    private IgniteConfiguration configuration(int i, SecurityPermission... securityPermissionArr) throws Exception {
        String testIgniteInstanceName = getTestIgniteInstanceName(i);
        IgniteConfiguration clientMode = getConfiguration(testIgniteInstanceName, new TestSecurityPluginProvider(testIgniteInstanceName, "", SecurityPermissionSetBuilder.create().defaultAllowAll(false).appendSystemPermissions(new SecurityPermission[]{SecurityPermission.JOIN_AS_SERVER}).appendCachePermissions("default", new SecurityPermission[]{SecurityPermission.CACHE_CREATE}).appendTaskPermissions("org.apache.ignite.internal.processors.affinity.GridAffinityUtils$AffinityJob", new SecurityPermission[]{SecurityPermission.TASK_EXECUTE, SecurityPermission.TASK_CANCEL}).appendServicePermissions(TEST_SERVICE_NAME, securityPermissionArr).build(), null, false, new TestSecurityData[0])).setClientMode(this.isClient);
        if (this.authErrLatch != null) {
            clientMode.setFailureHandler(new FailureHandler() { // from class: org.apache.ignite.internal.processors.security.service.ServiceAuthorizationTest.1
                public boolean onFailure(Ignite ignite, FailureContext failureContext) {
                    ServiceAuthorizationTest.assertTrue(failureContext.error() instanceof SecurityException);
                    ServiceAuthorizationTest.assertTrue(failureContext.error().getMessage().startsWith("Authorization failed [perm=SERVICE_DEPLOY, name=test-service-name"));
                    ServiceAuthorizationTest.this.authErrLatch.countDown();
                    return true;
                }
            });
        }
        return clientMode;
    }

    private void checkServiceOnAllNodes(String str, boolean z) {
        for (Ignite ignite : G.allGrids()) {
            if (!ignite.cluster().localNode().isClient()) {
                Object service = ignite.services().service(str);
                if (z) {
                    assertNotNull(service);
                } else {
                    assertNull(service);
                }
            }
        }
    }

    private void checkFailed(SecurityPermission securityPermission, GridTestUtils.RunnableX runnableX) {
        if (securityPermission == SecurityPermission.SERVICE_DEPLOY) {
            assertEquals(1L, X.getSuppressedList(GridTestUtils.assertThrowsWithCause(runnableX, (Class<? extends Throwable>) ServiceDeploymentException.class)).stream().filter(th -> {
                return th.getMessage().contains("Authorization failed [perm=SERVICE_DEPLOY, name=test-service-name");
            }).count());
        } else {
            GridTestUtils.assertThrowsAnyCause(log, () -> {
                runnableX.run();
                return null;
            }, SecurityException.class, "Authorization failed [perm=" + securityPermission + ", name=" + TEST_SERVICE_NAME);
        }
    }

    private void checkCancel(Consumer<IgniteServices> consumer) {
        grid(1).services().deploy(serviceConfiguration());
        checkServiceOnAllNodes(TEST_SERVICE_NAME, true);
        checkFailed(SecurityPermission.SERVICE_CANCEL, () -> {
            consumer.accept(grid(2).services());
        });
        checkServiceOnAllNodes(TEST_SERVICE_NAME, true);
        consumer.accept(grid(1).services());
        checkServiceOnAllNodes(TEST_SERVICE_NAME, false);
    }

    private void checkInvoke(Function<IgniteServices, Object> function, boolean z) throws Exception {
        TestService testService;
        checkFailed(SecurityPermission.SERVICE_INVOKE, () -> {
            function.apply(grid(2).services());
        });
        Object apply = function.apply(grid(1).services());
        if (z) {
            assertTrue(((TestService) apply).doWork());
            return;
        }
        if (apply instanceof Collection) {
            Collection collection = (Collection) apply;
            assertFalse(collection.isEmpty());
            testService = (TestService) collection.iterator().next();
        } else {
            assertTrue(apply instanceof TestService);
            testService = (TestService) apply;
        }
        assertTrue(testService.doWork());
    }

    private void checkDeploy(Consumer<IgniteServices> consumer, boolean z) {
        grid(1).services().cancel(TEST_SERVICE_NAME);
        checkServiceOnAllNodes(TEST_SERVICE_NAME, false);
        checkFailed(SecurityPermission.SERVICE_DEPLOY, () -> {
            consumer.accept(grid(2).services());
        });
        checkServiceOnAllNodes(TEST_SERVICE_NAME, false);
        consumer.accept(grid(1).services());
        if (z) {
            assertTrue(G.allGrids().stream().anyMatch(ignite -> {
                return ignite.services().service(TEST_SERVICE_NAME) != null;
            }));
        } else {
            checkServiceOnAllNodes(TEST_SERVICE_NAME, true);
        }
    }
}
