package org.apache.pulsar.client.api;

import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.net.URI;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import javax.naming.AuthenticationException;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.PulsarServerException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataCommand;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationProvider;
import org.apache.pulsar.broker.authorization.AuthorizationProvider;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.broker.cache.ConfigurationCacheService;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.common.naming.DestinationName;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.PropertyAdmin;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.class */
public class AuthorizationProducerConsumerTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationProducerConsumerTest.class);
    private static final String clientRole = "plugbleRole";

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$ClientAuthentication.class */
    public static class ClientAuthentication implements Authentication {
        String user;

        public ClientAuthentication(String str) {
            this.user = str;
        }

        public void close() throws IOException {
        }

        public String getAuthMethodName() {
            return "test";
        }

        public AuthenticationDataProvider getAuthData() throws PulsarClientException {
            return new AuthenticationDataProvider() { // from class: org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.ClientAuthentication.1
                public boolean hasDataForHttp() {
                    return true;
                }

                public Set<Map.Entry<String, String>> getHttpHeaders() {
                    return Sets.newHashSet(new Map.Entry[]{Maps.immutableEntry("user", ClientAuthentication.this.user)});
                }

                public boolean hasDataFromCommand() {
                    return true;
                }

                public String getCommandData() {
                    return ClientAuthentication.this.user;
                }
            };
        }

        public void configure(Map<String, String> map) {
        }

        public void start() throws PulsarClientException {
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthenticationProvider.class */
    public static class TestAuthenticationProvider implements AuthenticationProvider {
        public void close() throws IOException {
        }

        public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        }

        public String getAuthMethodName() {
            return "test";
        }

        public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
            return authenticationDataSource.getCommandData() != null ? authenticationDataSource.getCommandData() : authenticationDataSource.getHttpHeader("user");
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProvider.class */
    public static class TestAuthorizationProvider implements AuthorizationProvider {
        public void close() throws IOException {
        }

        public void initialize(ServiceConfiguration serviceConfiguration, ConfigurationCacheService configurationCacheService) throws IOException {
        }

        public CompletableFuture<Boolean> canProduceAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(Boolean.valueOf(AuthorizationProducerConsumerTest.clientRole.equals(str)));
        }

        public CompletableFuture<Boolean> canConsumeAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            return CompletableFuture.completedFuture(Boolean.valueOf(AuthorizationProducerConsumerTest.clientRole.equals(str)));
        }

        public CompletableFuture<Boolean> canLookupAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(Boolean.valueOf(AuthorizationProducerConsumerTest.clientRole.equals(str)));
        }

        public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> set, String str, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> grantPermissionAsync(DestinationName destinationName, Set<AuthAction> set, String str, String str2) {
            return CompletableFuture.completedFuture(null);
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProvider2.class */
    public static class TestAuthorizationProvider2 extends TestAuthorizationProvider {
        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canProduceAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canConsumeAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            return CompletableFuture.completedFuture(false);
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canLookupAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProviderWithGrantPermission.class */
    public static class TestAuthorizationProviderWithGrantPermission extends TestAuthorizationProvider {
        private Set<String> grantRoles = Sets.newHashSet();
        static AuthenticationDataSource authenticationData;
        static String authDataJson;

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canProduceAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource) {
            authenticationData = authenticationDataSource;
            return CompletableFuture.completedFuture(Boolean.valueOf(this.grantRoles.contains(str)));
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canConsumeAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            authenticationData = authenticationDataSource;
            return CompletableFuture.completedFuture(Boolean.valueOf(this.grantRoles.contains(str)));
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canLookupAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource) {
            authenticationData = authenticationDataSource;
            return CompletableFuture.completedFuture(Boolean.valueOf(this.grantRoles.contains(str)));
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> set, String str, String str2) {
            authDataJson = str2;
            this.grantRoles.add(str);
            return CompletableFuture.completedFuture(null);
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Void> grantPermissionAsync(DestinationName destinationName, Set<AuthAction> set, String str, String str2) {
            authDataJson = str2;
            this.grantRoles.add(str);
            return CompletableFuture.completedFuture(null);
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProviderWithSubscriptionPrefix.class */
    public static class TestAuthorizationProviderWithSubscriptionPrefix extends TestAuthorizationProvider {
        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canConsumeAsync(DestinationName destinationName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            CompletableFuture<Boolean> completableFuture = new CompletableFuture<>();
            if (StringUtils.isNotBlank(str2) && !str2.startsWith(str)) {
                completableFuture.completeExceptionally(new PulsarServerException("The subscription name needs to be prefixed by the authentication role"));
            }
            completableFuture.complete(Boolean.valueOf(AuthorizationProducerConsumerTest.clientRole.equals(str)));
            return completableFuture;
        }
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    protected void setup() throws Exception {
        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);
        HashSet hashSet = new HashSet();
        hashSet.add("superUser");
        this.conf.setSuperUserRoles(hashSet);
        this.conf.setBrokerClientAuthenticationPlugin(TestAuthenticationProvider.class.getName());
        HashSet hashSet2 = new HashSet();
        hashSet2.add(TestAuthenticationProvider.class.getName());
        this.conf.setAuthenticationProviders(hashSet2);
        this.conf.setClusterName("use");
        super.init();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    @Test
    public void testProducerAndConsumerAuthorization() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProvider.class.getName());
        setup();
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setAuthentication(new ClientAuthentication("superUser"));
        this.admin = (PulsarAdmin) Mockito.spy(new PulsarAdmin(this.brokerUrl, clientConfiguration));
        String uri = new URI("pulsar://localhost:" + this.BROKER_PORT).toString();
        ClientConfiguration clientConfiguration2 = new ClientConfiguration();
        clientConfiguration2.setAuthentication(new ClientAuthentication(clientRole));
        ClientConfiguration clientConfiguration3 = new ClientConfiguration();
        clientConfiguration3.setAuthentication(new ClientAuthentication("test-role"));
        this.pulsarClient = PulsarClient.create(uri, clientConfiguration2);
        PulsarClient create = PulsarClient.create(uri, clientConfiguration3);
        this.admin.properties().createProperty("my-property", new PropertyAdmin(Lists.newArrayList(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"use"})));
        this.admin.namespaces().createNamespace("my-property/use/my-ns");
        Consumer subscribe = this.pulsarClient.subscribe("persistent://my-property/use/my-ns/my-topic", "my-subscriber-name");
        Producer createProducer = this.pulsarClient.createProducer("persistent://my-property/use/my-ns/my-topic");
        subscribe.close();
        createProducer.close();
        try {
            create.subscribe("persistent://my-property/use/my-ns/my-topic", "my-subscriber-name");
            Assert.fail("should have failed with authorization error");
        } catch (PulsarClientException.AuthorizationException e) {
        }
        try {
            create.createProducer("persistent://my-property/use/my-ns/my-topic");
            Assert.fail("should have failed with authorization error");
        } catch (PulsarClientException.AuthorizationException e2) {
        }
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testSubscriptionPrefixAuthorization() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProviderWithSubscriptionPrefix.class.getName());
        setup();
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setAuthentication(new ClientAuthentication("superUser"));
        this.admin = (PulsarAdmin) Mockito.spy(new PulsarAdmin(this.brokerUrl, clientConfiguration));
        String uri = new URI("pulsar://localhost:" + this.BROKER_PORT).toString();
        ClientConfiguration clientConfiguration2 = new ClientConfiguration();
        clientConfiguration2.setAuthentication(new ClientAuthentication(clientRole));
        this.pulsarClient = PulsarClient.create(uri, clientConfiguration2);
        this.admin.properties().createProperty("prop-prefix", new PropertyAdmin(Lists.newArrayList(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"use"})));
        this.admin.namespaces().createNamespace("prop-prefix/use/ns");
        this.pulsarClient.subscribe("persistent://prop-prefix/use/ns/t1", "plugbleRole-sub1").close();
        try {
            this.pulsarClient.subscribe("persistent://prop-prefix/use/ns/t1", "sub1");
            Assert.fail("should have failed with authorization error");
        } catch (PulsarClientException.AuthorizationException e) {
        }
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testGrantPermission() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
        setup();
        AuthorizationService authorizationService = new AuthorizationService(this.conf, (ConfigurationCacheService) null);
        DestinationName destinationName = DestinationName.get("persistent://prop/cluster/ns/t1");
        Assert.assertFalse(authorizationService.canProduce(destinationName, "test-role", (AuthenticationDataSource) null));
        Assert.assertFalse(authorizationService.canConsume(destinationName, "test-role", (AuthenticationDataSource) null, "sub1"));
        authorizationService.grantPermissionAsync(destinationName, (Set) null, "test-role", "auth-json").get();
        Assert.assertTrue(authorizationService.canProduce(destinationName, "test-role", (AuthenticationDataSource) null));
        Assert.assertTrue(authorizationService.canConsume(destinationName, "test-role", (AuthenticationDataSource) null, "sub1"));
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testAuthData() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
        setup();
        AuthorizationService authorizationService = new AuthorizationService(this.conf, (ConfigurationCacheService) null);
        DestinationName destinationName = DestinationName.get("persistent://prop/cluster/ns/t1");
        authorizationService.grantPermissionAsync(destinationName, (Set) null, "test-role", "auth-json").get();
        Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authDataJson, "auth-json");
        Assert.assertTrue(authorizationService.canProduce(destinationName, "test-role", new AuthenticationDataCommand("prod-auth")));
        Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(), "prod-auth");
        Assert.assertTrue(authorizationService.canConsume(destinationName, "test-role", new AuthenticationDataCommand("cons-auth"), "sub1"));
        Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(), "cons-auth");
        log.info("-- Exiting {} test --", this.methodName);
    }
}
