package org.apache.sentry.policy.solr;

import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import org.apache.commons.io.FileUtils;
import org.apache.sentry.core.common.ActiveRoleSet;
import org.apache.sentry.core.common.Authorizable;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/policy/solr/TestSearchPolicyNegative.class */
public class TestSearchPolicyNegative {
    private static final Logger LOGGER = LoggerFactory.getLogger(TestSearchPolicyNegative.class);
    private File baseDir;
    private File globalPolicyFile;
    private File otherPolicyFile;

    @Before
    public void setup() {
        this.baseDir = Files.createTempDir();
        this.globalPolicyFile = new File(this.baseDir, "global.ini");
        this.otherPolicyFile = new File(this.baseDir, "other.ini");
    }

    @After
    public void teardown() {
        if (this.baseDir != null) {
            FileUtils.deleteQuietly(this.baseDir);
        }
    }

    private void append(String str, File file) throws IOException {
        Files.append(str + "\n", file, Charsets.UTF_8);
    }

    @Test
    public void testPerDbFileException() throws Exception {
        append("[databases]", this.globalPolicyFile);
        append("other_group_db = " + this.otherPolicyFile.getPath(), this.globalPolicyFile);
        append("[groups]", this.otherPolicyFile);
        append("other_group = some_role", this.otherPolicyFile);
        append("[roles]", this.otherPolicyFile);
        append("some_role = collection=c1", this.otherPolicyFile);
        Assert.assertEquals(Collections.emptySet(), SearchPolicyTestUtil.createPolicyEngineForTest(this.globalPolicyFile.getPath()).getPrivileges(Sets.newHashSet(new String[]{"other_group"}), ActiveRoleSet.ALL, new Authorizable[0]));
    }

    @Test
    public void testCollectionRequiredInRole() throws Exception {
        append("[groups]", this.globalPolicyFile);
        append("group = some_role", this.globalPolicyFile);
        append("[roles]", this.globalPolicyFile);
        append("some_role = action=query", this.globalPolicyFile);
        ImmutableSet privileges = SearchPolicyTestUtil.createPolicyEngineForTest(this.globalPolicyFile.getPath()).getPrivileges(Sets.newHashSet(new String[]{"group"}), ActiveRoleSet.ALL, new Authorizable[0]);
        Assert.assertTrue(privileges.toString(), privileges.isEmpty());
    }

    @Test
    public void testGroupIncorrect() throws Exception {
        append("[groups]", this.globalPolicyFile);
        append("group = malicious_role", this.globalPolicyFile);
        append("[roles]", this.globalPolicyFile);
        append("malicious_role = collection=*", this.globalPolicyFile);
        ImmutableSet privileges = SearchPolicyTestUtil.createPolicyEngineForTest(this.globalPolicyFile.getPath()).getPrivileges(Sets.newHashSet(new String[]{"incorrectGroup"}), ActiveRoleSet.ALL, new Authorizable[0]);
        Assert.assertTrue(privileges.toString(), privileges.isEmpty());
    }
}
