package org.apache.jena.fuseki.main.access;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import org.apache.jena.atlas.iterator.Iter;
import org.apache.jena.atlas.lib.SetUtils;
import org.apache.jena.atlas.web.HttpException;
import org.apache.jena.fuseki.access.DataAccessCtl;
import org.apache.jena.fuseki.access.SecurityContext;
import org.apache.jena.fuseki.access.SecurityContextView;
import org.apache.jena.fuseki.access.SecurityRegistry;
import org.apache.jena.fuseki.jetty.JettyLib;
import org.apache.jena.fuseki.main.FusekiServer;
import org.apache.jena.fuseki.system.FusekiNetLib;
import org.apache.jena.graph.Node;
import org.apache.jena.rdfconnection.RDFConnection;
import org.apache.jena.rdfconnection.RDFConnectionFactory;
import org.apache.jena.sparql.core.DatasetGraph;
import org.apache.jena.sparql.core.DatasetGraphFactory;
import org.apache.jena.sparql.core.Quad;
import org.apache.jena.sparql.engine.http.QueryExceptionHTTP;
import org.apache.jena.tdb.TDBFactory;
import org.apache.jena.tdb2.DatabaseMgr;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.util.security.Password;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jena/fuseki/main/access/TestSecurityFilterFuseki.class */
public class TestSecurityFilterFuseki {
    private final String baseUrl;
    private static FusekiServer fusekiServer;
    private static DatasetGraph testdsg1 = TDBFactory.createDatasetGraph();
    private static DatasetGraph testdsg2 = DatabaseMgr.createDatasetGraph();
    private static DatasetGraph testdsg3 = DatasetGraphFactory.createTxnMem();
    private static String queryAll = "SELECT * { { ?s ?p ?o } UNION { GRAPH ?g { ?s ?p ?o } } }";
    private static String queryDft = "SELECT * { ?s ?p ?o }";
    private static String queryNamed = "SELECT * { GRAPH ?g { ?s ?p ?o } }";
    private static String queryG2 = "SELECT * { GRAPH <http://test/graph2> { ?s ?p ?o } }";
    private static String queryGraphNames = "SELECT * { GRAPH ?g { } }";

    @Parameterized.Parameters(name = "{index}: {0}")
    public static Iterable<Object[]> data() {
        return Arrays.asList(new Object[]{"TDB", "data1"}, new Object[]{"TDB2", "data2"}, new Object[]{"TIM", "data3"});
    }

    @BeforeClass
    public static void beforeClass() {
        int choosePort = FusekiNetLib.choosePort();
        AccessTestLib.addTestData(testdsg1);
        AccessTestLib.addTestData(testdsg2);
        AccessTestLib.addTestData(testdsg3);
        SecurityRegistry securityRegistry = new SecurityRegistry();
        securityRegistry.put("userNone", SecurityContext.NONE);
        securityRegistry.put("userDft", SecurityContextView.DFT_GRAPH);
        securityRegistry.put("user0", new SecurityContextView(new String[]{Quad.defaultGraphIRI.getURI()}));
        securityRegistry.put("user1", new SecurityContextView(new String[]{"http://test/g1", Quad.defaultGraphIRI.getURI()}));
        securityRegistry.put("user2", new SecurityContextView(new String[]{"http://test/g1", "http://test/g2", "http://test/g3"}));
        securityRegistry.put("user3", new SecurityContextView(new String[]{Quad.defaultGraphIRI.getURI(), "http://test/g2", "http://test/g3"}));
        testdsg1 = DataAccessCtl.controlledDataset(testdsg1, securityRegistry);
        testdsg2 = DataAccessCtl.controlledDataset(testdsg2, securityRegistry);
        testdsg3 = DataAccessCtl.controlledDataset(testdsg3, securityRegistry);
        ConstraintSecurityHandler makeSecurityHandler = JettyLib.makeSecurityHandler("*", userStore());
        JettyLib.addPathConstraint(makeSecurityHandler, "/*");
        fusekiServer = FusekiServer.create().securityHandler(makeSecurityHandler).port(choosePort).add("data1", testdsg1).add("data2", testdsg2).add("data3", testdsg3).build();
        fusekiServer.start();
    }

    @AfterClass
    public static void afterClass() {
        fusekiServer.stop();
    }

    private static UserStore userStore() {
        UserStore userStore = new UserStore();
        String[] strArr = {"**"};
        addUserPassword(userStore, "userNone", "pwNone", strArr);
        addUserPassword(userStore, "userDft", "pwDft", strArr);
        addUserPassword(userStore, "user0", "pw0", strArr);
        addUserPassword(userStore, "user1", "pw1", strArr);
        addUserPassword(userStore, "user2", "pw2", strArr);
        addUserPassword(userStore, "user3", "pw3", strArr);
        return userStore;
    }

    private static void addUserPassword(UserStore userStore, String str, String str2, String[] strArr) {
        userStore.addUser(str, new Password(str2), strArr);
    }

    public TestSecurityFilterFuseki(String str, String str2) {
        this.baseUrl = "http://localhost:" + fusekiServer.getPort() + "/" + str2;
    }

    private Set<Node> query(String str, String str2, String str3) {
        HashSet hashSet = new HashSet();
        RDFConnection connectPW = RDFConnectionFactory.connectPW(this.baseUrl, str, str2);
        Throwable th = null;
        try {
            try {
                connectPW.queryResultSet(str3, resultSet -> {
                    Iter.toList(resultSet).stream().map(querySolution -> {
                        return querySolution.get("s");
                    }).filter((v0) -> {
                        return Objects.nonNull(v0);
                    }).map((v0) -> {
                        return v0.asNode();
                    }).forEach(node -> {
                        hashSet.add(node);
                    });
                });
                if (connectPW != null) {
                    if (0 != 0) {
                        try {
                            connectPW.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connectPW.close();
                    }
                }
                return hashSet;
            } finally {
            }
        } catch (Throwable th3) {
            if (connectPW != null) {
                if (th != null) {
                    try {
                        connectPW.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    connectPW.close();
                }
            }
            throw th3;
        }
    }

    private void query401(String str, String str2, String str3) {
        queryHttp(401, str, str2, str3);
    }

    private void query403(String str, String str2, String str3) {
        queryHttp(403, str, str2, str3);
    }

    private void queryHttp(int i, String str, String str2, String str3) {
        try {
            query(str, str2, str3);
            if (i < 200 && i > 299) {
                Assert.fail("Should have responded with " + i);
            }
        } catch (QueryExceptionHTTP e) {
            Assert.assertEquals(i, e.getStatusCode());
        }
    }

    @Test
    public void query_userDft() {
        AccessTestLib.assertSeen(query("userDft", "pwDft", queryAll), AccessTestLib.s0);
    }

    @Test
    public void query_userNone() {
        AccessTestLib.assertSeen(query("userNone", "pwNone", queryAll), new Node[0]);
    }

    @Test
    public void query_user0() {
        AccessTestLib.assertSeen(query("user0", "pw0", queryAll), AccessTestLib.s0);
    }

    @Test
    public void query_user1() {
        AccessTestLib.assertSeen(query("user1", "pw1", queryAll), AccessTestLib.s0, AccessTestLib.s1);
    }

    @Test
    public void query_bad_user() {
        query401("userX", "pwX", queryAll);
    }

    @Test
    public void query_bad_password() {
        query401("user0", "not-the-password", queryAll);
    }

    @Test
    public void query_dyn_1() {
        AccessTestLib.assertSeen(query("user1", "pw1", "SELECT * FROM <http://test/g1> { ?s ?p ?o }"), AccessTestLib.s1);
    }

    @Test
    public void query_dyn_2() {
        AccessTestLib.assertSeen(query("user1", "pw1", "SELECT * FROM <http://test/g2> { ?s ?p ?o }"), new Node[0]);
    }

    @Test
    public void query_dyn_3() {
        AccessTestLib.assertSeen(query("user1", "pw1", "SELECT * FROM <http://test/g1> FROM <http://test/g2> { ?s ?p ?o }"), AccessTestLib.s1);
    }

    @Test
    public void query_dyn_4() {
        Set<Node> query = query("user3", "pw3", "SELECT * FROM <" + Quad.unionGraph.getURI() + "> { ?s ?p ?o }");
        AccessTestLib.assertSeen(query, AccessTestLib.s2, AccessTestLib.s3);
        Assert.assertEquals(query, query("user3", "pw3", "SELECT * { GRAPH <" + Quad.unionGraph.getURI() + "> { ?s ?p ?o } }"));
    }

    @Test
    public void query_dyn_5() {
        Set<Node> query = query("user3", "pw3", "SELECT * FROM NAMED <http://test/g1> { ?s ?p ?o }");
        AccessTestLib.assertSeen(query, new Node[0]);
        Assert.assertEquals(query, query("user3", "pw3", "SELECT * { GRAPH <http://test/g1> { ?s ?p ?o } }"));
    }

    private Set<Node> gsp(String str, String str2, String str3) {
        new HashSet();
        RDFConnection connectPW = RDFConnectionFactory.connectPW(this.baseUrl, str, str2);
        Throwable th = null;
        try {
            try {
                Set<Node> set = SetUtils.toSet(Iter.asStream((str3 == null ? connectPW.fetch() : connectPW.fetch(str3)).listSubjects()).map(resource -> {
                    return resource.asNode();
                }));
                if (connectPW != null) {
                    if (0 != 0) {
                        try {
                            connectPW.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connectPW.close();
                    }
                }
                return set;
            } finally {
            }
        } catch (Throwable th3) {
            if (connectPW != null) {
                if (th != null) {
                    try {
                        connectPW.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    connectPW.close();
                }
            }
            throw th3;
        }
    }

    private void gsp401(String str, String str2, String str3) {
        gspHttp(401, str, str2, str3);
    }

    private void gsp403(String str, String str2, String str3) {
        gspHttp(403, str, str2, str3);
    }

    private void gsp404(String str, String str2, String str3) {
        gspHttp(404, str, str2, str3);
    }

    private void gspHttp(int i, String str, String str2, String str3) {
        try {
            gsp(str, str2, str3);
            if (i < 200 && i > 299) {
                Assert.fail("Should have responded with " + i);
            }
        } catch (HttpException e) {
            Assert.assertEquals(i, e.getStatusCode());
        }
    }

    @Test
    public void gsp_dft_userDft() {
        AccessTestLib.assertSeen(gsp("userDft", "pwDft", null), AccessTestLib.s0);
    }

    @Test
    public void gsp_dft_userNone() {
        AccessTestLib.assertSeen(gsp("userNone", "pwNone", null), new Node[0]);
    }

    @Test
    public void gsp_dft_user0() {
        AccessTestLib.assertSeen(gsp("user0", "pw0", null), AccessTestLib.s0);
    }

    @Test
    public void gsp_dft_user1() {
        AccessTestLib.assertSeen(gsp("user1", "pw1", null), AccessTestLib.s0);
    }

    @Test
    public void gsp_dft_user2() {
        AccessTestLib.assertSeen(gsp("user2", "pw2", null), new Node[0]);
    }

    @Test
    public void gsp_graph1_userDft() {
        gsp404("userDft", "pwDft", "http://test/g1");
    }

    @Test
    public void gsp_graph1_userNone() {
        gsp404("userNone", "pwNone", "http://test/g1");
    }

    @Test
    public void gsp_graph1_user0() {
        gsp404("user0", "pw0", "http://test/g1");
    }

    @Test
    public void gsp_graph1_user1() {
        AccessTestLib.assertSeen(gsp("user1", "pw1", "http://test/g1"), AccessTestLib.s1);
    }

    @Test
    public void gsp_graph1_user2() {
        gsp404("user2", "pw2", "http://test/g1");
    }

    @Test
    public void gsp_graphX_userDft() {
        gsp404("userDft", "pwDft", "http://test/gX");
    }

    @Test
    public void gsp_graphX_userNone() {
        gsp404("userNone", "pwNone", "http://test/gX");
    }

    @Test
    public void gsp_graphX_user0() {
        gsp404("user0", "pw0", "http://test/gX");
    }

    @Test
    public void gsp_graphX_user1() {
        gsp404("user1", "pw1", "http://test/g1X");
    }

    @Test
    public void gsp_graphX_user2() {
        gsp404("user2", "pw2", "http://test/gX");
    }

    @Test
    public void gsp_bad_user() {
        gsp401("userX", "pwX", null);
    }

    @Test
    public void gsp_bad_password() {
        gsp401("user0", "not-the-password", null);
    }
}
