package org.apache.pulsar.broker.admin;

import io.jsonwebtoken.Jwts;
import java.util.Collections;
import java.util.HashMap;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.api.MessageId;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.security.MockedPulsarStandalone;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@Test(groups = {"broker-admin"})
/* loaded from: input_file:org/apache/pulsar/broker/admin/TopicAuthZTest.class */
public class TopicAuthZTest extends MockedPulsarStandalone {
    private PulsarAdmin superUserAdmin;
    private PulsarAdmin tenantManagerAdmin;
    private static final String TENANT_ADMIN_SUBJECT = UUID.randomUUID().toString();
    private static final String TENANT_ADMIN_TOKEN = Jwts.builder().claim("sub", TENANT_ADMIN_SUBJECT).signWith(SECRET_KEY).compact();

    @BeforeClass
    public void before() {
        configureTokenAuthentication();
        configureDefaultAuthorization();
        start();
        this.superUserAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(SUPER_USER_TOKEN)).build();
        TenantInfo tenantInfo = this.superUserAdmin.tenants().getTenantInfo("public");
        tenantInfo.getAdminRoles().add(TENANT_ADMIN_SUBJECT);
        this.superUserAdmin.tenants().updateTenant("public", tenantInfo);
        this.tenantManagerAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(TENANT_ADMIN_TOKEN)).build();
    }

    @AfterClass
    public void after() {
        if (this.superUserAdmin != null) {
            this.superUserAdmin.close();
        }
        if (this.tenantManagerAdmin != null) {
            this.tenantManagerAdmin.close();
        }
        close();
    }

    @Test
    public void testUnloadAndCompactAndTrim() {
        String str = "persistent://public/default/" + UUID.randomUUID().toString();
        String uuid = UUID.randomUUID().toString();
        String compact = Jwts.builder().claim("sub", uuid).signWith(SECRET_KEY).compact();
        this.superUserAdmin.topics().createPartitionedTopic(str, 2);
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(compact)).build();
        try {
            this.superUserAdmin.topics().unload(str);
            this.superUserAdmin.topics().triggerCompaction(str);
            this.superUserAdmin.topics().trimTopic(TopicName.get(str).getPartition(0).getLocalName());
            this.superUserAdmin.topicPolicies().getSchemaCompatibilityStrategy(str, false);
            this.tenantManagerAdmin.topics().unload(str);
            this.tenantManagerAdmin.topics().triggerCompaction(str);
            this.tenantManagerAdmin.topics().trimTopic(TopicName.get(str).getPartition(0).getLocalName());
            this.tenantManagerAdmin.topicPolicies().getSchemaCompatibilityStrategy(str, false);
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().unload(str);
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().triggerCompaction(str);
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().trimTopic(TopicName.get(str).getPartition(0).getLocalName());
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topicPolicies().getSchemaCompatibilityStrategy(str, false);
            });
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(str, uuid, Set.of(authAction));
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.topics().unload(str);
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.topics().triggerCompaction(str);
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.topics().trimTopic(str);
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.topicPolicies().getSchemaCompatibilityStrategy(str, false);
                });
                this.superUserAdmin.topics().revokePermissions(str, uuid);
            }
            this.superUserAdmin.topics().deletePartitionedTopic(str, true);
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
            throw th;
        }
    }

    @Test
    public void testGetManagedLedgerInfo() {
        String str = "persistent://public/default/" + UUID.randomUUID().toString();
        String uuid = UUID.randomUUID().toString();
        String compact = Jwts.builder().claim("sub", uuid).signWith(SECRET_KEY).compact();
        this.superUserAdmin.topics().createPartitionedTopic(str, 2);
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(compact)).build();
        try {
            this.superUserAdmin.topics().getInternalInfo(str);
            this.tenantManagerAdmin.topics().getInternalInfo(str);
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().getInternalInfo(str);
            });
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(str, uuid, Set.of(authAction));
                if (authAction == AuthAction.produce || authAction == AuthAction.consume) {
                    build.topics().getInternalInfo(str);
                } else {
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().getInternalInfo(str);
                    });
                }
                this.superUserAdmin.topics().revokePermissions(str, uuid);
            }
            this.superUserAdmin.topics().deletePartitionedTopic(str, true);
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
            throw th;
        }
    }

    @Test
    public void testGetPartitionedStatsAndInternalStats() {
        String str = "persistent://public/default/" + UUID.randomUUID().toString();
        String uuid = UUID.randomUUID().toString();
        String compact = Jwts.builder().claim("sub", uuid).signWith(SECRET_KEY).compact();
        this.superUserAdmin.topics().createPartitionedTopic(str, 2);
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(compact)).build();
        try {
            this.superUserAdmin.topics().getPartitionedStats(str, false);
            this.superUserAdmin.topics().getPartitionedInternalStats(str);
            this.tenantManagerAdmin.topics().getPartitionedStats(str, false);
            this.tenantManagerAdmin.topics().getPartitionedInternalStats(str);
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().getPartitionedStats(str, false);
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().getPartitionedInternalStats(str);
            });
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(str, uuid, Set.of(authAction));
                if (authAction == AuthAction.produce || authAction == AuthAction.consume) {
                    build.topics().getPartitionedStats(str, false);
                    build.topics().getPartitionedInternalStats(str);
                } else {
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().getPartitionedStats(str, false);
                    });
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().getPartitionedInternalStats(str);
                    });
                }
                this.superUserAdmin.topics().revokePermissions(str, uuid);
            }
            this.superUserAdmin.topics().deletePartitionedTopic(str, true);
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
            throw th;
        }
    }

    @Test
    public void testCreateSubscriptionAndUpdateSubscriptionPropertiesAndAnalyzeSubscriptionBacklog() {
        String str = "persistent://public/default/" + UUID.randomUUID().toString();
        String uuid = UUID.randomUUID().toString();
        String compact = Jwts.builder().claim("sub", uuid).signWith(SECRET_KEY).compact();
        this.superUserAdmin.topics().createPartitionedTopic(str, 2);
        AtomicInteger atomicInteger = new AtomicInteger(1);
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(compact)).build();
        try {
            this.superUserAdmin.topics().createSubscription(str, "test-sub" + atomicInteger.incrementAndGet(), MessageId.earliest);
            this.tenantManagerAdmin.topics().createSubscription(str, "test-sub" + atomicInteger.incrementAndGet(), MessageId.earliest);
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().createSubscription(str, "test-sub" + atomicInteger.incrementAndGet(), MessageId.earliest);
            });
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(str, uuid, Set.of(authAction));
                if (authAction == AuthAction.consume) {
                    build.topics().createSubscription(str, "test-sub" + atomicInteger.incrementAndGet(), MessageId.earliest);
                } else {
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().createSubscription(str, "test-sub" + atomicInteger.incrementAndGet(), MessageId.earliest);
                    });
                }
                this.superUserAdmin.topics().revokePermissions(str, uuid);
            }
            HashMap hashMap = new HashMap();
            this.superUserAdmin.topics().createSubscription(str, "test-sub", MessageId.earliest);
            this.superUserAdmin.topics().updateSubscriptionProperties(str, "test-sub", hashMap);
            this.superUserAdmin.topics().getSubscriptionProperties(str, "test-sub");
            this.superUserAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(str).getPartition(0).getLocalName(), "test-sub", Optional.empty());
            this.tenantManagerAdmin.topics().updateSubscriptionProperties(str, "test-sub", hashMap);
            this.tenantManagerAdmin.topics().getSubscriptionProperties(str, "test-sub");
            this.tenantManagerAdmin.topics().analyzeSubscriptionBacklog(TopicName.get(str).getPartition(0).getLocalName(), "test-sub", Optional.empty());
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().updateSubscriptionProperties(str, "test-sub", hashMap);
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().getSubscriptionProperties(str, "test-sub");
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().analyzeSubscriptionBacklog(TopicName.get(str).getPartition(0).getLocalName(), "test-sub", Optional.empty());
            });
            for (AuthAction authAction2 : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(str, uuid, Set.of(authAction2));
                if (authAction2 == AuthAction.consume) {
                    build.topics().updateSubscriptionProperties(str, "test-sub", hashMap);
                    build.topics().getSubscriptionProperties(str, "test-sub");
                    build.topics().analyzeSubscriptionBacklog(TopicName.get(str).getPartition(0).getLocalName(), "test-sub", Optional.empty());
                } else {
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().updateSubscriptionProperties(str, "test-sub", hashMap);
                    });
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().getSubscriptionProperties(str, "test-sub");
                    });
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                        build.topics().analyzeSubscriptionBacklog(TopicName.get(str).getPartition(0).getLocalName(), "test-sub", Optional.empty());
                    });
                }
                this.superUserAdmin.topics().revokePermissions(str, uuid);
            }
            this.superUserAdmin.topics().deletePartitionedTopic(str, true);
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
            throw th;
        }
    }

    @Test
    public void testCreateMissingPartition() {
        String str = "persistent://public/default/" + UUID.randomUUID().toString();
        String uuid = UUID.randomUUID().toString();
        String compact = Jwts.builder().claim("sub", uuid).signWith(SECRET_KEY).compact();
        this.superUserAdmin.topics().createPartitionedTopic(str, 2);
        new AtomicInteger(1);
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(compact)).build();
        try {
            this.superUserAdmin.topics().createMissedPartitions(str);
            this.tenantManagerAdmin.topics().createMissedPartitions(str);
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.topics().createMissedPartitions(str);
            });
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(str, uuid, Set.of(authAction));
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.topics().createMissedPartitions(str);
                });
                this.superUserAdmin.topics().revokePermissions(str, uuid);
            }
            this.superUserAdmin.topics().deletePartitionedTopic(str, true);
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
            throw th;
        }
    }
}
