package org.apache.pulsar.broker.auth;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationProviderToken;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.broker.authorization.AuthorizationProvider;
import org.apache.pulsar.broker.cache.ConfigurationCacheService;
import org.apache.pulsar.client.admin.PulsarAdminBuilder;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.api.ClientBuilder;
import org.apache.pulsar.client.api.Consumer;
import org.apache.pulsar.client.api.Message;
import org.apache.pulsar.client.api.Producer;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.api.SubscriptionInitialPosition;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.NamespaceOperation;
import org.apache.pulsar.common.policies.data.PolicyName;
import org.apache.pulsar.common.policies.data.PolicyOperation;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.policies.data.TenantOperation;
import org.apache.pulsar.common.policies.data.TopicOperation;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@Test(groups = {"broker"})
/* loaded from: input_file:org/apache/pulsar/broker/auth/AuthorizationWithAuthDataTest.class */
public class AuthorizationWithAuthDataTest extends MockedPulsarServiceBaseTest {
    private static final SecretKey SECRET_KEY = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
    private static final String ADMIN_ROLE = "admin";
    private static final String ADMIN_TOKEN = Jwts.builder().setSubject(ADMIN_ROLE).signWith(SECRET_KEY).compact();

    /* loaded from: input_file:org/apache/pulsar/broker/auth/AuthorizationWithAuthDataTest$MyAuthorizationProvider.class */
    public static class MyAuthorizationProvider implements AuthorizationProvider {
        private void assertRoleAndAuthenticationData(String str, AuthenticationDataSource authenticationDataSource) {
            Assert.assertEquals(str, AuthorizationWithAuthDataTest.ADMIN_ROLE);
            if (authenticationDataSource.hasDataFromHttp()) {
                Assert.assertEquals(authenticationDataSource.getHttpHeader("Authorization"), "Bearer " + AuthorizationWithAuthDataTest.ADMIN_TOKEN);
            } else {
                Assert.assertEquals(authenticationDataSource.getCommandData(), AuthorizationWithAuthDataTest.ADMIN_TOKEN);
            }
        }

        public CompletableFuture<Boolean> isSuperUser(String str, AuthenticationDataSource authenticationDataSource, ServiceConfiguration serviceConfiguration) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> isTenantAdmin(String str, String str2, TenantInfo tenantInfo, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str2, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public void initialize(ServiceConfiguration serviceConfiguration, ConfigurationCacheService configurationCacheService) throws IOException {
        }

        public CompletableFuture<Boolean> canProduceAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName namespaceName, String str, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowSourceOpsAsync(NamespaceName namespaceName, String str, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowSinkOpsAsync(NamespaceName namespaceName, String str, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> set, String str, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> grantSubscriptionPermissionAsync(NamespaceName namespaceName, String str, Set<String> set, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> revokeSubscriptionPermissionAsync(NamespaceName namespaceName, String str, String str2, String str3) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> grantPermissionAsync(TopicName topicName, Set<AuthAction> set, String str, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Boolean> allowTenantOperationAsync(String str, String str2, TenantOperation tenantOperation, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str2, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowNamespaceOperationAsync(NamespaceName namespaceName, String str, NamespaceOperation namespaceOperation, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(NamespaceName namespaceName, PolicyName policyName, PolicyOperation policyOperation, String str, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowTopicOperationAsync(TopicName topicName, String str, TopicOperation topicOperation, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(TopicName topicName, String str, PolicyName policyName, PolicyOperation policyOperation, AuthenticationDataSource authenticationDataSource) {
            assertRoleAndAuthenticationData(str, authenticationDataSource);
            return CompletableFuture.completedFuture(true);
        }

        public void close() throws IOException {
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void doInitConf() throws Exception {
        super.doInitConf();
        this.conf.setAuthenticationEnabled(true);
        this.conf.getProperties().setProperty("tokenSecretKey", "data:;base64," + Base64.getEncoder().encodeToString(SECRET_KEY.getEncoded()));
        HashSet hashSet = new HashSet();
        hashSet.add(AuthenticationProviderToken.class.getName());
        this.conf.setAuthenticationProviders(hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(ADMIN_ROLE);
        this.conf.setSuperUserRoles(hashSet2);
        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationToken.class.getName());
        this.conf.setBrokerClientAuthenticationParameters(ADMIN_TOKEN);
        this.conf.setAuthorizationEnabled(true);
        this.conf.setAuthorizationProvider(MyAuthorizationProvider.class.getName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void customizeNewPulsarAdminBuilder(PulsarAdminBuilder pulsarAdminBuilder) {
        super.customizeNewPulsarAdminBuilder(pulsarAdminBuilder);
        pulsarAdminBuilder.authentication(AuthenticationToken.class.getName(), ADMIN_TOKEN);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void customizeNewPulsarClientBuilder(ClientBuilder clientBuilder) {
        super.customizeNewPulsarClientBuilder(clientBuilder);
        clientBuilder.authentication(AuthenticationToken.class.getName(), ADMIN_TOKEN);
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeClass(alwaysRun = true)
    protected void setup() throws Exception {
        internalSetup();
        setupDefaultTenantAndNamespace();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterClass(alwaysRun = true)
    protected void cleanup() throws Exception {
        internalCleanup();
    }

    @Test
    public void testAdmin() throws PulsarAdminException {
        this.admin.tenants().createTenant("test-tenant-1", TenantInfo.builder().allowedClusters(Collections.singleton("test")).build());
        this.admin.namespaces().createNamespace("test-tenant-1/test-namespace-1");
        String uuid = UUID.randomUUID().toString();
        this.admin.topics().createPartitionedTopic(uuid, 3);
        String uuid2 = UUID.randomUUID().toString();
        this.admin.topics().createNonPartitionedTopic(uuid2);
        this.admin.lookups().lookupPartitionedTopic(uuid);
        this.admin.lookups().lookupTopic(uuid2);
    }

    @Test
    public void testClient() throws PulsarClientException {
        String uuid = UUID.randomUUID().toString();
        Producer create = this.pulsarClient.newProducer().topic(uuid).create();
        try {
            byte[] bytes = "Hello".getBytes(StandardCharsets.UTF_8);
            create.send(bytes);
            Consumer subscribe = this.pulsarClient.newConsumer().topic(new String[]{uuid}).subscriptionInitialPosition(SubscriptionInitialPosition.Earliest).subscriptionName("test").subscribe();
            try {
                Message receive = subscribe.receive(3, TimeUnit.SECONDS);
                Assert.assertNotNull(receive);
                Assert.assertEquals(receive.getData(), bytes);
                if (Collections.singletonList(subscribe).get(0) != null) {
                    subscribe.close();
                }
            } catch (Throwable th) {
                if (Collections.singletonList(subscribe).get(0) != null) {
                    subscribe.close();
                }
                throw th;
            }
        } finally {
            if (Collections.singletonList(create).get(0) != null) {
                create.close();
            }
        }
    }
}
