package org.apache.pulsar.websocket.proxy;

import com.google.common.collect.Sets;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Optional;
import org.apache.bookkeeper.test.PortManager;
import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.websocket.WebSocketService;
import org.apache.pulsar.websocket.service.WebSocketProxyConfiguration;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/websocket/proxy/ProxyAuthorizationTest.class */
public class ProxyAuthorizationTest extends MockedPulsarServiceBaseTest {
    private WebSocketService service;
    private static final int TEST_PORT = PortManager.nextFreePort();
    private final String configClusterName = "c1";

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeClass
    protected void setup() throws Exception {
        this.conf.setClusterName("c1");
        internalSetup();
        WebSocketProxyConfiguration webSocketProxyConfiguration = new WebSocketProxyConfiguration();
        HashSet newHashSet = Sets.newHashSet("");
        webSocketProxyConfiguration.setAuthorizationEnabled(true);
        webSocketProxyConfiguration.setConfigurationStoreServers("dummy-zk-servers");
        webSocketProxyConfiguration.setSuperUserRoles(newHashSet);
        webSocketProxyConfiguration.setClusterName("c1");
        webSocketProxyConfiguration.setWebServicePort(Optional.of(Integer.valueOf(TEST_PORT)));
        this.service = (WebSocketService) Mockito.spy(new WebSocketService(webSocketProxyConfiguration));
        ((WebSocketService) Mockito.doReturn(this.mockZooKeeperClientFactory).when(this.service)).getZooKeeperClientFactory();
        this.service.start();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterClass
    protected void cleanup() throws Exception {
        internalCleanup();
        this.service.close();
    }

    @Test
    public void test() throws Exception {
        AuthorizationService authorizationService = this.service.getAuthorizationService();
        Assert.assertFalse(authorizationService.canLookup(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null));
        this.admin.clusters().createCluster("c1", new ClusterData());
        this.admin.tenants().createTenant("p1", new TenantInfo(Sets.newHashSet("role1"), Sets.newHashSet("c1")));
        waitForChange();
        this.admin.namespaces().createNamespace("p1/c1/ns1");
        waitForChange();
        Assert.assertFalse(authorizationService.canLookup(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null));
        this.admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.of(AuthAction.produce));
        waitForChange();
        Assert.assertTrue(authorizationService.canLookup(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null));
        Assert.assertTrue(authorizationService.canProduce(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null));
        this.admin.topics().grantPermission("persistent://p1/c1/ns1/ds2", "other-role", EnumSet.of(AuthAction.consume));
        waitForChange();
        Assert.assertTrue(authorizationService.canLookup(TopicName.get("persistent://p1/c1/ns1/ds2"), "other-role", (AuthenticationDataSource) null));
        Assert.assertTrue(authorizationService.canProduce(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null));
        Assert.assertFalse(authorizationService.canProduce(TopicName.get("persistent://p1/c1/ns1/ds2"), "other-role", (AuthenticationDataSource) null));
        Assert.assertTrue(authorizationService.canConsume(TopicName.get("persistent://p1/c1/ns1/ds2"), "other-role", (AuthenticationDataSource) null, (String) null));
        Assert.assertFalse(authorizationService.canConsume(TopicName.get("persistent://p1/c1/ns1/ds2"), "no-access-role", (AuthenticationDataSource) null, (String) null));
        Assert.assertFalse(authorizationService.canLookup(TopicName.get("persistent://p1/c1/ns1/ds1"), "no-access-role", (AuthenticationDataSource) null));
        this.admin.namespaces().grantPermissionOnNamespace("p1/c1/ns1", "my-role", EnumSet.allOf(AuthAction.class));
        waitForChange();
        Assert.assertTrue(authorizationService.canProduce(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null));
        Assert.assertTrue(authorizationService.canConsume(TopicName.get("persistent://p1/c1/ns1/ds1"), "my-role", (AuthenticationDataSource) null, (String) null));
        this.admin.namespaces().deleteNamespace("p1/c1/ns1");
        this.admin.tenants().deleteTenant("p1");
        this.admin.clusters().deleteCluster("c1");
    }

    private static void waitForChange() {
        try {
            Thread.sleep(100L);
        } catch (InterruptedException e) {
        }
    }
}
