package org.apache.zeppelin.rest;

import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import java.io.IOException;
import java.util.Map;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.zeppelin.notebook.Notebook;
import org.apache.zeppelin.utils.TestUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/zeppelin/rest/NotebookSecurityRestApiTest.class */
public class NotebookSecurityRestApiTest extends AbstractTestRestApi {
    Gson gson = new Gson();

    @BeforeClass
    public static void init() throws Exception {
        AbstractTestRestApi.startUpWithAuthenticationEnable(NotebookSecurityRestApiTest.class.getSimpleName());
    }

    @AfterClass
    public static void destroy() throws Exception {
        AbstractTestRestApi.shutDown();
    }

    @Before
    public void setUp() {
    }

    @Test
    public void testThatUserCanCreateAndRemoveNote() throws IOException {
        String createNoteForUser = createNoteForUser("test", "admin", "password1");
        Assert.assertNotNull(createNoteForUser);
        Assert.assertThat(getNoteIdForUser(createNoteForUser, "admin", "password1"), CoreMatchers.is(createNoteForUser));
        deleteNoteForUser(createNoteForUser, "admin", "password1");
    }

    @Test
    public void testThatOtherUserCanAccessNoteIfPermissionNotSet() throws IOException {
        String createNoteForUser = createNoteForUser("test", "admin", "password1");
        userTryGetNote(createNoteForUser, "user1", "password2", isAllowed());
        deleteNoteForUser(createNoteForUser, "admin", "password1");
    }

    @Test
    public void testThatOtherUserCannotAccessNoteIfPermissionSet() throws IOException {
        String createNoteForUser = createNoteForUser("test", "admin", "password1");
        PutMethod httpPut = httpPut("/notebook/" + createNoteForUser + "/permissions", "{ \"owners\": [\"admin\"], \"readers\": [\"user2\"], \"runners\": [\"user2\"], \"writers\": [\"user2\"] }", "admin", "password1");
        Assert.assertThat("test set note permission method:", httpPut, isAllowed());
        httpPut.releaseConnection();
        userTryGetNote(createNoteForUser, "user1", "password2", isForbidden());
        userTryGetNote(createNoteForUser, "user2", "password3", isAllowed());
        deleteNoteForUser(createNoteForUser, "admin", "password1");
    }

    @Test
    public void testThatWriterCannotRemoveNote() throws IOException {
        String createNoteForUser = createNoteForUser("test", "admin", "password1");
        PutMethod httpPut = httpPut("/notebook/" + createNoteForUser + "/permissions", "{ \"owners\": [\"admin\", \"user1\"], \"readers\": [\"user2\"], \"runners\": [\"user2\"], \"writers\": [\"user2\"] }", "admin", "password1");
        Assert.assertThat("test set note permission method:", httpPut, isAllowed());
        httpPut.releaseConnection();
        userTryRemoveNote(createNoteForUser, "user2", "password3", isForbidden());
        userTryRemoveNote(createNoteForUser, "user1", "password2", isAllowed());
        Assert.assertNull("Deleted note should be null", ((Notebook) TestUtils.getInstance(Notebook.class)).getNote(createNoteForUser));
    }

    private void userTryRemoveNote(String str, String str2, String str3, Matcher<? super HttpMethodBase> matcher) throws IOException {
        DeleteMethod httpDelete = httpDelete("/notebook/" + str, str2, str3);
        Assert.assertThat(httpDelete, matcher);
        httpDelete.releaseConnection();
    }

    private void userTryGetNote(String str, String str2, String str3, Matcher<? super HttpMethodBase> matcher) throws IOException {
        GetMethod httpGet = httpGet("/notebook/" + str, str2, str3);
        Assert.assertThat(httpGet, matcher);
        httpGet.releaseConnection();
    }

    /* JADX WARN: Type inference failed for: r2v3, types: [org.apache.zeppelin.rest.NotebookSecurityRestApiTest$1] */
    private String getNoteIdForUser(String str, String str2, String str3) throws IOException {
        GetMethod httpGet = httpGet("/notebook/" + str, str2, str3);
        Assert.assertThat("test note create method:", httpGet, isAllowed());
        Map map = (Map) this.gson.fromJson(httpGet.getResponseBodyAsString(), new TypeToken<Map<String, Object>>() { // from class: org.apache.zeppelin.rest.NotebookSecurityRestApiTest.1
        }.getType());
        httpGet.releaseConnection();
        return (String) ((Map) map.get("body")).get("id");
    }

    /* JADX WARN: Type inference failed for: r2v3, types: [org.apache.zeppelin.rest.NotebookSecurityRestApiTest$2] */
    private String createNoteForUser(String str, String str2, String str3) throws IOException {
        PostMethod httpPost = httpPost("/notebook/", "{\"name\":\"" + str + "\"}", str2, str3);
        Assert.assertThat("test note create method:", httpPost, isAllowed());
        Map map = (Map) this.gson.fromJson(httpPost.getResponseBodyAsString(), new TypeToken<Map<String, Object>>() { // from class: org.apache.zeppelin.rest.NotebookSecurityRestApiTest.2
        }.getType());
        httpPost.releaseConnection();
        String str4 = (String) map.get("body");
        Assert.assertNotNull("Can not find new note by id", ((Notebook) TestUtils.getInstance(Notebook.class)).getNote(str4));
        return str4;
    }

    private void deleteNoteForUser(String str, String str2, String str3) throws IOException {
        DeleteMethod httpDelete = httpDelete("/notebook/" + str, str2, str3);
        Assert.assertThat("Test delete method:", httpDelete, isAllowed());
        httpDelete.releaseConnection();
        if (str.isEmpty()) {
            return;
        }
        Assert.assertNull("Deleted note should be null", ((Notebook) TestUtils.getInstance(Notebook.class)).getNote(str));
    }

    private void createParagraphForUser(String str, String str2, String str3, String str4, String str5) throws IOException {
        httpPost("/notebook/" + str + "/paragraph", "{\"title\": \"" + str4 + "\",\"text\": \"" + str5 + "\"}", str2, str3).releaseConnection();
    }

    private void setPermissionForNote(String str, String str2, String str3) throws IOException {
        httpPut("/notebook/" + str + "/permissions", "{\"owners\":[\"" + str2 + "\"],\"readers\":[\"" + str2 + "\"],\"runners\":[\"" + str2 + "\"],\"writers\":[\"" + str2 + "\"]}", str2, str3).releaseConnection();
    }
}
