package org.apache.storm.security.auth.authorizer;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.storm.security.auth.IGroupMappingServiceProvider;
import org.apache.storm.security.auth.ReqContext;
import org.apache.storm.utils.ConfigUtils;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/storm/security/auth/authorizer/SimpleACLAuthorizerTest.class */
public class SimpleACLAuthorizerTest {

    /* loaded from: input_file:org/apache/storm/security/auth/authorizer/SimpleACLAuthorizerTest$SimpleACLTopologyReadOnlyGroupAuthTestMock.class */
    public static class SimpleACLTopologyReadOnlyGroupAuthTestMock implements IGroupMappingServiceProvider {
        public void prepare(Map<String, Object> map) {
        }

        public Set<String> getGroups(String str) throws IOException {
            return "user-in-readonly-group".equals(str) ? new HashSet(Arrays.asList("group-readonly")) : new HashSet(Arrays.asList(str));
        }
    }

    @Test
    public void SimpleACLUserAuthTest() {
        Map readStormConfig = ConfigUtils.readStormConfig();
        HashSet hashSet = new HashSet(Arrays.asList("admin"));
        HashSet hashSet2 = new HashSet(Arrays.asList("supervisor"));
        readStormConfig.put("nimbus.admins", hashSet);
        readStormConfig.put("nimbus.supervisor.users", hashSet2);
        SimpleACLAuthorizer simpleACLAuthorizer = new SimpleACLAuthorizer();
        Subject createSubject = createSubject("admin");
        Subject createSubject2 = createSubject("supervisor");
        Subject createSubject3 = createSubject("user-a");
        Subject createSubject4 = createSubject("user-b");
        simpleACLAuthorizer.prepare(readStormConfig);
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "submitTopology", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "submitTopology", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "submitTopology", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "submitTopology", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "fileUpload", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "fileUpload", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "fileUpload", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "fileUpload", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getNimbusConf", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getNimbusConf", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getNimbusConf", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getNimbusConf", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getClusterInfo", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getClusterInfo", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getClusterInfo", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getClusterInfo", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getSupervisorPageInfo", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getSupervisorPageInfo", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getSupervisorPageInfo", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getSupervisorPageInfo", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "fileDownload", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "fileDownload", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "fileDownload", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "fileDownload", new HashMap()));
        HashMap hashMap = new HashMap();
        hashMap.put("topology.users", new HashSet(Arrays.asList("user-a")));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "killTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "killTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "killTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "killTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "rebalance", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "rebalance", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "rebalance", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "rebalance", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "activate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "activate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "activate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "activate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "deactivate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "deactivate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "deactivate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "deactivate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyConf", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyConf", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopologyConf", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getTopologyConf", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getUserTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getUserTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getUserTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getUserTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopologyInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getTopologyInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopologyPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getTopologyPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getComponentPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getComponentPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getComponentPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getComponentPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "uploadNewCredentials", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "uploadNewCredentials", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "uploadNewCredentials", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "uploadNewCredentials", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "setLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "setLogConfig", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "setLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "setLogConfig", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "setWorkerProfiler", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "setWorkerProfiler", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "setWorkerProfiler", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "setWorkerProfiler", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getComponentPendingProfileActions", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getComponentPendingProfileActions", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getComponentPendingProfileActions", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getComponentPendingProfileActions", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "startProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "startProfiling", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "startProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "startProfiling", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "stopProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "stopProfiling", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "stopProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "stopProfiling", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "dumpProfile", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "dumpProfile", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "dumpProfile", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "dumpProfile", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "dumpJstack", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "dumpJstack", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "dumpJstack", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "dumpJstack", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "dumpHeap", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "dumpHeap", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "dumpHeap", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "dumpHeap", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "debug", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "debug", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "debug", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "debug", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getLogConfig", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "getLogConfig", hashMap));
    }

    @Test
    public void SimpleACLNimbusUserAuthTest() {
        Map readStormConfig = ConfigUtils.readStormConfig();
        HashSet hashSet = new HashSet(Arrays.asList("admin"));
        HashSet hashSet2 = new HashSet(Arrays.asList("supervisor"));
        HashSet hashSet3 = new HashSet(Arrays.asList("user-a"));
        readStormConfig.put("nimbus.admins", hashSet);
        readStormConfig.put("nimbus.supervisor.users", hashSet2);
        readStormConfig.put("nimbus.users", hashSet3);
        SimpleACLAuthorizer simpleACLAuthorizer = new SimpleACLAuthorizer();
        Subject createSubject = createSubject("admin");
        Subject createSubject2 = createSubject("supervisor");
        Subject createSubject3 = createSubject("user-a");
        Subject createSubject4 = createSubject("user-b");
        simpleACLAuthorizer.prepare(readStormConfig);
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "submitTopology", new HashMap()));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject4), "submitTopology", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "fileUpload", new HashMap()));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "fileDownload", new HashMap()));
    }

    @Test
    public void SimpleACLTopologyReadOnlyUserAuthTest() {
        Map readStormConfig = ConfigUtils.readStormConfig();
        HashMap hashMap = new HashMap();
        hashMap.put("topology.users", new HashSet(Arrays.asList("user-a")));
        hashMap.put("topology.readonly.users", new HashSet(Arrays.asList("user-readonly")));
        Subject createSubject = createSubject("user-a");
        Subject createSubject2 = createSubject("user-b");
        Subject createSubject3 = createSubject("user-readonly");
        SimpleACLAuthorizer simpleACLAuthorizer = new SimpleACLAuthorizer();
        simpleACLAuthorizer.prepare(readStormConfig);
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "killTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "killTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "killTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "rebalance", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "rebalance", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "rebalance", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "activate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "activate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "activate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "deactivate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "deactivate", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "deactivate", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopologyConf", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyConf", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyConf", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getUserTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getUserTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getUserTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopologyInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getTopologyPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getComponentPageInfo", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getComponentPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getComponentPageInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "uploadNewCredentials", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "uploadNewCredentials", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "uploadNewCredentials", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "setLogConfig", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "setLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "setLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "setWorkerProfiler", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "setWorkerProfiler", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "setWorkerProfiler", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getWorkerProfileActionExpiry", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getComponentPendingProfileActions", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getComponentPendingProfileActions", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getComponentPendingProfileActions", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "startProfiling", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "startProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "startProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "stopProfiling", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "stopProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "stopProfiling", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "dumpProfile", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "dumpProfile", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "dumpProfile", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "dumpJstack", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "dumpJstack", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "dumpJstack", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "dumpHeap", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "dumpHeap", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "dumpHeap", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "debug", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "debug", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "debug", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject3), "getLogConfig", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getLogConfig", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getLogConfig", hashMap));
    }

    @Test
    public void SimpleACLTopologyReadOnlyGroupAuthTest() {
        Map readStormConfig = ConfigUtils.readStormConfig();
        readStormConfig.put("storm.group.mapping.service", SimpleACLTopologyReadOnlyGroupAuthTestMock.class.getName());
        HashMap hashMap = new HashMap();
        hashMap.put("topology.readonly.groups", new HashSet(Arrays.asList("group-readonly")));
        Subject createSubject = createSubject("user-in-readonly-group");
        Subject createSubject2 = createSubject("user-b");
        SimpleACLAuthorizer simpleACLAuthorizer = new SimpleACLAuthorizer();
        simpleACLAuthorizer.prepare(readStormConfig);
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject), "killTopology", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "killTopology", hashMap));
        Assert.assertTrue(simpleACLAuthorizer.permit(new ReqContext(createSubject), "getTopologyInfo", hashMap));
        Assert.assertFalse(simpleACLAuthorizer.permit(new ReqContext(createSubject2), "getTopologyInfo", hashMap));
    }

    private Subject createSubject(String str) {
        HashSet hashSet = new HashSet();
        hashSet.add(createPrincipal(str));
        return new Subject(true, hashSet, new HashSet(), new HashSet());
    }

    private Principal createPrincipal(final String str) {
        return new Principal() { // from class: org.apache.storm.security.auth.authorizer.SimpleACLAuthorizerTest.1
            @Override // java.security.Principal
            public String getName() {
                return str;
            }
        };
    }
}
