package org.apache.sentry.policy.solr;

import com.google.common.base.Objects;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import junit.framework.Assert;
import org.apache.commons.io.FileUtils;
import org.apache.sentry.core.common.Action;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Subject;
import org.apache.sentry.core.common.service.GroupMappingService;
import org.apache.sentry.core.common.utils.PolicyFiles;
import org.apache.sentry.core.model.search.Collection;
import org.apache.sentry.core.model.search.SearchModelAction;
import org.apache.sentry.core.model.search.SearchPrivilegeModel;
import org.apache.sentry.provider.common.ResourceAuthorizationProvider;
import org.apache.sentry.provider.file.HadoopGroupResourceAuthorizationProvider;
import org.junit.After;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases.class */
public class TestSearchAuthorizationProviderGeneralCases {
    private static final Logger LOGGER = LoggerFactory.getLogger(TestSearchAuthorizationProviderGeneralCases.class);
    private static final Multimap<String, String> USER_TO_GROUP_MAP = HashMultimap.create();
    private static final Subject SUB_ADMIN = new Subject("admin1");
    private static final Subject SUB_MANAGER = new Subject("manager1");
    private static final Subject SUB_ANALYST = new Subject("analyst1");
    private static final Subject SUB_JUNIOR_ANALYST = new Subject("jranalyst1");
    private static final Collection COLL_PURCHASES = new Collection("purchases");
    private static final Collection COLL_ANALYST1 = new Collection("analyst1");
    private static final Collection COLL_JRANALYST1 = new Collection("jranalyst1");
    private static final Collection COLL_TMP = new Collection("tmpcollection");
    private static final Collection COLL_PURCHASES_PARTIAL = new Collection("purchases_partial");
    private static final SearchModelAction QUERY = SearchModelAction.QUERY;
    private static final SearchModelAction UPDATE = SearchModelAction.UPDATE;
    private final ResourceAuthorizationProvider authzProvider;
    private File baseDir = Files.createTempDir();

    /* loaded from: input_file:org/apache/sentry/policy/solr/TestSearchAuthorizationProviderGeneralCases$MockGroupMappingServiceProvider.class */
    public class MockGroupMappingServiceProvider implements GroupMappingService {
        private final Multimap<String, String> userToGroupMap;

        public MockGroupMappingServiceProvider(Multimap<String, String> multimap) {
            this.userToGroupMap = multimap;
        }

        public Set<String> getGroups(String str) {
            return Sets.newHashSet(this.userToGroupMap.get(str));
        }
    }

    public TestSearchAuthorizationProviderGeneralCases() throws IOException {
        PolicyFiles.copyToDir(this.baseDir, new String[]{"solr-policy-test-authz-provider.ini"});
        this.authzProvider = new HadoopGroupResourceAuthorizationProvider(SearchPolicyTestUtil.createPolicyEngineForTest(new File(this.baseDir, "solr-policy-test-authz-provider.ini").getPath()), new MockGroupMappingServiceProvider(USER_TO_GROUP_MAP), SearchPrivilegeModel.getInstance());
    }

    @After
    public void teardown() {
        if (this.baseDir != null) {
            FileUtils.deleteQuietly(this.baseDir);
        }
    }

    private void doTestAuthProviderOnCollection(Subject subject, Collection collection, Set<? extends Action> set) throws Exception {
        for (SearchModelAction searchModelAction : EnumSet.of(SearchModelAction.ALL, SearchModelAction.QUERY, SearchModelAction.UPDATE)) {
            doTestResourceAuthorizationProvider(subject, collection, EnumSet.of(searchModelAction), set.contains(searchModelAction));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void doTestResourceAuthorizationProvider(Subject subject, Collection collection, Set<? extends Action> set, boolean z) throws Exception {
        List asList = Arrays.asList(collection);
        Objects.ToStringHelper stringHelper = Objects.toStringHelper("TestParameters");
        stringHelper.add("Subject", subject).add("Collection", collection).add("Privileges", set).add("authzHierarchy", asList);
        LOGGER.info("Running with " + stringHelper.toString());
        Assert.assertEquals(stringHelper.toString(), z, this.authzProvider.hasAccess(subject, asList, set, ActiveRoleSet.ALL));
        LOGGER.info("Passed " + stringHelper.toString());
    }

    @Test
    public void testAdmin() throws Exception {
        EnumSet allOf = EnumSet.allOf(SearchModelAction.class);
        doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES, allOf);
        doTestAuthProviderOnCollection(SUB_ADMIN, COLL_ANALYST1, allOf);
        doTestAuthProviderOnCollection(SUB_ADMIN, COLL_JRANALYST1, allOf);
        doTestAuthProviderOnCollection(SUB_ADMIN, COLL_TMP, allOf);
        doTestAuthProviderOnCollection(SUB_ADMIN, COLL_PURCHASES_PARTIAL, allOf);
    }

    @Test
    public void testManager() throws Exception {
        doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES, EnumSet.of(SearchModelAction.UPDATE));
        EnumSet allOf = EnumSet.allOf(SearchModelAction.class);
        doTestAuthProviderOnCollection(SUB_MANAGER, COLL_ANALYST1, allOf);
        doTestAuthProviderOnCollection(SUB_MANAGER, COLL_JRANALYST1, allOf);
        doTestAuthProviderOnCollection(SUB_MANAGER, COLL_TMP, EnumSet.of(QUERY, UPDATE));
        doTestAuthProviderOnCollection(SUB_MANAGER, COLL_PURCHASES_PARTIAL, EnumSet.of(SearchModelAction.QUERY));
    }

    @Test
    public void testAnalyst() throws Exception {
        doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES, EnumSet.of(SearchModelAction.UPDATE));
        EnumSet allOf = EnumSet.allOf(SearchModelAction.class);
        doTestAuthProviderOnCollection(SUB_ANALYST, COLL_ANALYST1, allOf);
        doTestAuthProviderOnCollection(SUB_ANALYST, COLL_JRANALYST1, allOf);
        doTestAuthProviderOnCollection(SUB_ANALYST, COLL_TMP, EnumSet.of(QUERY, UPDATE));
        doTestAuthProviderOnCollection(SUB_ANALYST, COLL_PURCHASES_PARTIAL, EnumSet.noneOf(SearchModelAction.class));
    }

    @Test
    public void testJuniorAnalyst() throws Exception {
        doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_JRANALYST1, EnumSet.allOf(SearchModelAction.class));
        doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES_PARTIAL, EnumSet.of(SearchModelAction.QUERY));
        EnumSet noneOf = EnumSet.noneOf(SearchModelAction.class);
        doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_PURCHASES, noneOf);
        doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_ANALYST1, noneOf);
        doTestAuthProviderOnCollection(SUB_JUNIOR_ANALYST, COLL_TMP, noneOf);
    }

    static {
        USER_TO_GROUP_MAP.putAll(SUB_ADMIN.getName(), Arrays.asList("admin"));
        USER_TO_GROUP_MAP.putAll(SUB_MANAGER.getName(), Arrays.asList("manager"));
        USER_TO_GROUP_MAP.putAll(SUB_ANALYST.getName(), Arrays.asList("analyst"));
        USER_TO_GROUP_MAP.putAll(SUB_JUNIOR_ANALYST.getName(), Arrays.asList("jranalyst"));
    }
}
