package org.apache.storm.daemon.logviewer.utils;

import java.nio.file.Paths;
import java.util.Collections;
import java.util.HashMap;
import org.apache.storm.daemon.logviewer.testsupport.ArgumentsVerifier;
import org.apache.storm.daemon.logviewer.utils.ResourceAuthorizer;
import org.apache.storm.utils.Utils;
import org.junit.Assert;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Matchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/storm/daemon/logviewer/utils/ResourceAuthorizerTest.class */
public class ResourceAuthorizerTest {
    @Test
    public void testAuthorizedLogUserAllowClusterAdmin() {
        HashMap hashMap = new HashMap(Utils.readStormConfig());
        hashMap.put("nimbus.admins", Collections.singletonList("alice"));
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(hashMap));
        ((ResourceAuthorizer) Mockito.doReturn(new ResourceAuthorizer.LogUserGroupWhitelist(Collections.emptySet(), Collections.emptySet())).when(resourceAuthorizer)).getLogUserGroupWhitelist(Matchers.anyString());
        ((ResourceAuthorizer) Mockito.doReturn(Collections.emptySet()).when(resourceAuthorizer)).getUserGroups(Matchers.anyString());
        Assert.assertTrue(resourceAuthorizer.isAuthorizedLogUser("alice", "non-blank-fname"));
        verifyStubMethodsAreCalledProperly(resourceAuthorizer);
    }

    @Test
    public void testAuthorizedLogUserIgnoreAnyClusterSetTopologyUsersAndTopologyGroups() {
        HashMap hashMap = new HashMap(Utils.readStormConfig());
        hashMap.put("topology.users", Collections.singletonList("alice"));
        hashMap.put("topology.groups", Collections.singletonList("alice-group"));
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(hashMap));
        ((ResourceAuthorizer) Mockito.doReturn(new ResourceAuthorizer.LogUserGroupWhitelist(Collections.emptySet(), Collections.emptySet())).when(resourceAuthorizer)).getLogUserGroupWhitelist(Matchers.anyString());
        ((ResourceAuthorizer) Mockito.doReturn(Collections.singleton("alice-group")).when(resourceAuthorizer)).getUserGroups(Matchers.anyString());
        Assert.assertFalse(resourceAuthorizer.isAuthorizedLogUser("alice", "non-blank-fname"));
        verifyStubMethodsAreCalledProperly(resourceAuthorizer);
    }

    @Test
    public void testAuthorizedLogUserAllowClusterLogsUser() {
        HashMap hashMap = new HashMap(Utils.readStormConfig());
        hashMap.put("logs.users", Collections.singletonList("alice"));
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(hashMap));
        ((ResourceAuthorizer) Mockito.doReturn(new ResourceAuthorizer.LogUserGroupWhitelist(Collections.emptySet(), Collections.emptySet())).when(resourceAuthorizer)).getLogUserGroupWhitelist(Matchers.anyString());
        ((ResourceAuthorizer) Mockito.doReturn(Collections.emptySet()).when(resourceAuthorizer)).getUserGroups(Matchers.anyString());
        Assert.assertTrue(resourceAuthorizer.isAuthorizedLogUser("alice", "non-blank-fname"));
        verifyStubMethodsAreCalledProperly(resourceAuthorizer);
    }

    @Test
    public void testAuthorizedLogUserAllowWhitelistedTopologyUser() {
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(new HashMap(Utils.readStormConfig())));
        ((ResourceAuthorizer) Mockito.doReturn(new ResourceAuthorizer.LogUserGroupWhitelist(Collections.singleton("alice"), Collections.emptySet())).when(resourceAuthorizer)).getLogUserGroupWhitelist(Matchers.anyString());
        ((ResourceAuthorizer) Mockito.doReturn(Collections.emptySet()).when(resourceAuthorizer)).getUserGroups(Matchers.anyString());
        Assert.assertTrue(resourceAuthorizer.isAuthorizedLogUser("alice", "non-blank-fname"));
        verifyStubMethodsAreCalledProperly(resourceAuthorizer);
    }

    @Test
    public void testAuthorizedLogUserAllowWhitelistedTopologyGroup() {
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(new HashMap(Utils.readStormConfig())));
        ((ResourceAuthorizer) Mockito.doReturn(new ResourceAuthorizer.LogUserGroupWhitelist(Collections.emptySet(), Collections.singleton("alice-group"))).when(resourceAuthorizer)).getLogUserGroupWhitelist(Matchers.anyString());
        ((ResourceAuthorizer) Mockito.doReturn(Collections.singleton("alice-group")).when(resourceAuthorizer)).getUserGroups(Matchers.anyString());
        Assert.assertTrue(resourceAuthorizer.isAuthorizedLogUser("alice", "non-blank-fname"));
        verifyStubMethodsAreCalledProperly(resourceAuthorizer);
    }

    @Test
    public void testAuthorizedLogUserDisallowUserNotInNimbusAdminNorTopoUserNorLogsUserNotWhitelist() {
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(new HashMap(Utils.readStormConfig())));
        ((ResourceAuthorizer) Mockito.doReturn(new ResourceAuthorizer.LogUserGroupWhitelist(Collections.emptySet(), Collections.emptySet())).when(resourceAuthorizer)).getLogUserGroupWhitelist(Matchers.anyString());
        ((ResourceAuthorizer) Mockito.doReturn(Collections.emptySet()).when(resourceAuthorizer)).getUserGroups(Matchers.anyString());
        Assert.assertFalse(resourceAuthorizer.isAuthorizedLogUser("alice", "non-blank-fname"));
        verifyStubMethodsAreCalledProperly(resourceAuthorizer);
    }

    @Test
    public void testFailOnUpwardPathTraversal() {
        ResourceAuthorizer resourceAuthorizer = new ResourceAuthorizer(new HashMap(Utils.readStormConfig()));
        Assertions.assertThrows(IllegalArgumentException.class, () -> {
            resourceAuthorizer.isAuthorizedLogUser("user", Paths.get("some/../path", new String[0]).toString());
        });
    }

    private void verifyStubMethodsAreCalledProperly(ResourceAuthorizer resourceAuthorizer) {
        ArgumentsVerifier.verifyFirstCallArgsForSingleArgMethod(argumentCaptor -> {
            ((ResourceAuthorizer) Mockito.verify(resourceAuthorizer)).getLogUserGroupWhitelist((String) argumentCaptor.capture());
        }, String.class, "non-blank-fname");
        ArgumentsVerifier.verifyFirstCallArgsForSingleArgMethod(argumentCaptor2 -> {
            ((ResourceAuthorizer) Mockito.verify(resourceAuthorizer)).getUserGroups((String) argumentCaptor2.capture());
        }, String.class, "alice");
    }

    @Test
    public void authorizationFailsWhenFilterConfigured() {
        HashMap hashMap = new HashMap(Utils.readStormConfig());
        ResourceAuthorizer resourceAuthorizer = (ResourceAuthorizer) Mockito.spy(new ResourceAuthorizer(hashMap));
        Mockito.when(Boolean.valueOf(resourceAuthorizer.isAuthorizedLogUser(Matchers.anyString(), Matchers.anyString()))).thenReturn(false);
        Assert.assertTrue(resourceAuthorizer.isUserAllowedToAccessFile("bob", "anyfile"));
        hashMap.put("logviewer.filter", "someFilter");
        Assert.assertFalse(resourceAuthorizer.isUserAllowedToAccessFile("bob", "anyfile"));
    }
}
