package org.infinispan.server.security.authorization;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.zip.GZIPInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.infinispan.client.rest.RestCacheClient;
import org.infinispan.client.rest.RestClient;
import org.infinispan.client.rest.RestContainerClient;
import org.infinispan.client.rest.RestEntity;
import org.infinispan.client.rest.RestResponse;
import org.infinispan.client.rest.RestResponseInfo;
import org.infinispan.client.rest.RestSecurityClient;
import org.infinispan.client.rest.RestServerClient;
import org.infinispan.client.rest.XSiteStateTransferMode;
import org.infinispan.client.rest.configuration.RestClientConfiguration;
import org.infinispan.client.rest.configuration.RestClientConfigurationBuilder;
import org.infinispan.commons.api.CacheContainerAdmin;
import org.infinispan.commons.configuration.Combine;
import org.infinispan.commons.dataconversion.MediaType;
import org.infinispan.commons.dataconversion.internal.Json;
import org.infinispan.commons.test.Exceptions;
import org.infinispan.commons.util.concurrent.CompletionStages;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.CacheMode;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.protostream.sampledomain.TestDomainSCI;
import org.infinispan.rest.assertion.ResponseAssertion;
import org.infinispan.rest.resources.WeakSSEListener;
import org.infinispan.server.test.api.TestUser;
import org.infinispan.server.test.core.Common;
import org.infinispan.server.test.junit5.InfinispanServerExtension;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/infinispan/server/security/authorization/RESTAuthorizationTest.class */
abstract class RESTAuthorizationTest {
    public static final String BANK_PROTO = "bank.proto";
    protected final InfinispanServerExtension ext;
    protected final Function<TestUser, String> serverPrincipal;
    protected final Map<TestUser, RestClientConfigurationBuilder> restBuilders;

    public RESTAuthorizationTest(InfinispanServerExtension infinispanServerExtension) {
        this(infinispanServerExtension, (v0) -> {
            return v0.getUser();
        }, testUser -> {
            RestClientConfigurationBuilder restClientConfigurationBuilder = new RestClientConfigurationBuilder();
            if (testUser.getUser() != null) {
                restClientConfigurationBuilder.security().authentication().mechanism("AUTO").username(testUser.getUser()).password(testUser.getPassword());
            }
            return restClientConfigurationBuilder;
        });
    }

    public RESTAuthorizationTest(InfinispanServerExtension infinispanServerExtension, Function<TestUser, String> function, Function<TestUser, RestClientConfigurationBuilder> function2) {
        this.ext = infinispanServerExtension;
        this.serverPrincipal = function;
        this.restBuilders = (Map) Stream.of((Object[]) TestUser.values()).collect(Collectors.toMap(testUser -> {
            return testUser;
        }, function2));
    }

    @Test
    public void testRestAdminCanDoEverything() {
        RestCacheClient cache = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).withCacheMode(CacheMode.DIST_SYNC).create().cache(this.ext.getMethodName());
        Common.assertStatus(204, cache.put("k", "v"));
        Common.assertStatusAndBodyEquals(200, "v", cache.get("k"));
        Common.assertStatus(200, cache.distribution());
    }

    @Test
    public void testRestLocalCacheDistribution() {
        restCreateAuthzLocalCache("admin", "observer", "deployer", "application", "writer", "reader", "monitor");
        actualTestCacheDistribution();
    }

    @Test
    public void testRestCacheDistribution() {
        restCreateAuthzCache("admin", "observer", "deployer", "application", "writer", "reader", "monitor");
        actualTestCacheDistribution();
    }

    private void actualTestCacheDistribution() {
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            Common.assertStatus(200, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName()).distribution());
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, TestUser.ADMIN, TestUser.MONITOR)).iterator();
        while (it2.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cache(this.ext.getMethodName()).distribution());
        }
    }

    @Test
    public void testRestKeyDistribution() {
        restCreateAuthzCache("admin", "observer", "deployer", "application", "writer", "reader", "monitor");
        Common.assertStatus(204, this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().cache(this.ext.getMethodName()).put("existentKey", "v"));
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            RestCacheClient cache = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName());
            Common.assertStatus(200, cache.distribution("somekey"));
            Common.assertStatus(200, cache.distribution("existentKey"));
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, TestUser.ADMIN, TestUser.MONITOR)).iterator();
        while (it2.hasNext()) {
            RestCacheClient cache2 = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cache(this.ext.getMethodName());
            Common.assertStatus(403, cache2.distribution("somekey"));
            Common.assertStatus(403, cache2.distribution("existentKey"));
        }
    }

    @Test
    public void testStats() {
        restCreateAuthzCache("admin", "observer", "deployer", "application", "writer", "reader", "monitor");
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            Common.assertStatus(200, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName()).stats());
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, TestUser.ADMIN, TestUser.MONITOR)).iterator();
        while (it2.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cache(this.ext.getMethodName()).stats());
        }
    }

    @Test
    public void testStatsReset() {
        restCreateAuthzCache("admin", "observer", "deployer", "application", "writer", "reader", "monitor");
        Iterator it = EnumSet.of(TestUser.ADMIN).iterator();
        while (it.hasNext()) {
            Common.assertStatus(204, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName()).statsReset());
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, TestUser.ADMIN)).iterator();
        while (it2.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cache(this.ext.getMethodName()).statsReset());
        }
    }

    @Test
    public void testRestNonAdminsMustNotCreateCache() {
        Iterator it = EnumSet.of(TestUser.APPLICATION, TestUser.OBSERVER, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Exceptions.expectException(SecurityException.class, "(?s).*403.*", () -> {
                this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).withCacheMode(CacheMode.DIST_SYNC).create();
            });
        }
    }

    @Test
    public void testRestNonAdminsMustNotReadCacheConfig() {
        restCreateAuthzCache(new String[0]);
        String methodName = this.ext.getMethodName();
        Iterator it = EnumSet.of(TestUser.ADMIN).iterator();
        while (it.hasNext()) {
            RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get();
            Common.assertStatus(200, restClient.cache(methodName).configuration());
            Assertions.assertNotNull(Json.read(Common.assertStatus(200, restClient.cache(methodName).details())).asJsonMap().get("configuration"));
        }
        Iterator it2 = EnumSet.of(TestUser.APPLICATION, TestUser.OBSERVER, TestUser.MONITOR).iterator();
        while (it2.hasNext()) {
            RestClient restClient2 = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get();
            Common.assertStatus(403, restClient2.cache(methodName).configuration());
            Assertions.assertNull(Json.read(Common.assertStatus(200, restClient2.cache(methodName).details())).asJsonMap().get("configuration"));
        }
    }

    @Test
    public void testRestWriterCannotReadImplicit() {
        testRestWriterCannotRead(new String[0]);
    }

    @Test
    public void testRestWriterCannotReadExplicit() {
        testRestWriterCannotRead("admin", "observer", "deployer", "application", "writer", "reader");
    }

    private void testRestWriterCannotRead(String... strArr) {
        restCreateAuthzCache(strArr);
        RestCacheClient cache = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.WRITER)).get().cache(this.ext.getMethodName());
        Common.assertStatus(204, cache.put("k1", "v1"));
        Common.assertStatus(403, cache.get("k1"));
        Common.assertStatus(403, cache.keys());
        Common.assertStatus(403, cache.entries());
        Iterator it = EnumSet.of(TestUser.OBSERVER, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            Common.assertStatusAndBodyEquals(200, "v1", this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName()).get("k1"));
        }
    }

    @Test
    public void testRestReaderCannotWriteImplicit() {
        testRestReaderCannotWrite(new String[0]);
    }

    @Test
    public void testRestReaderCannotWriteExplicit() {
        testRestReaderCannotWrite("admin", "observer", "deployer", "application", "writer", "reader");
    }

    private void testRestReaderCannotWrite(String... strArr) {
        restCreateAuthzCache(strArr);
        Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.OBSERVER)).get().cache(this.ext.getMethodName()).put("k1", "v1"));
        Iterator it = EnumSet.of(TestUser.APPLICATION, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Common.assertStatus(204, this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).get().cache(this.ext.getMethodName()).put(testUser.name(), testUser.name()));
        }
    }

    @Test
    public void testAnonymousHealthPredefinedCache() {
        Common.assertStatusAndBodyEquals(200, "HEALTHY", this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ANONYMOUS)).get().container().healthStatus());
    }

    @Test
    public void testRestNonAdminsMustNotShutdownServer() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().server().stop());
        }
    }

    @Test
    public void testRestNonAdminsMustNotShutdownCluster() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cluster().stop());
        }
    }

    @Test
    public void testRestNonAdminsMustNotModifyCacheIgnores() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get();
            Common.assertStatus(403, restClient.server().ignoreCache("predefined"));
            Common.assertStatus(403, restClient.server().unIgnoreCache("predefined"));
        }
    }

    @Test
    public void testRestAdminsShouldBeAbleToModifyLoggers() {
        RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get();
        Common.assertStatus(204, restClient.server().logging().setLogger("org.infinispan.TEST_LOGGER", "ERROR", new String[]{"STDOUT"}));
        Common.assertStatus(204, restClient.server().logging().removeLogger("org.infinispan.TEST_LOGGER"));
    }

    @Test
    public void testRestNonAdminsMustNotModifyLoggers() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).get().server().logging().setLogger("org.infinispan.TEST_LOGGER", "ERROR", new String[]{"STDOUT"}));
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).get().server().logging().removeLogger("org.infinispan.TEST_LOGGER"));
        }
    }

    @Test
    public void testRestAdminsShouldBeAbleToAdminServer() {
        RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get();
        Common.assertStatus(204, restClient.server().connectorStop("endpoint-alternate-1"));
        Common.assertStatus(204, restClient.server().connectorStart("endpoint-alternate-1"));
        Common.assertStatus(204, restClient.server().connectorIpFilterSet("endpoint-alternate-1", Collections.emptyList()));
        Common.assertStatus(204, restClient.server().connectorIpFiltersClear("endpoint-alternate-1"));
        Common.assertStatus(200, restClient.server().memory());
        Common.assertStatus(200, restClient.server().env());
        Common.assertStatus(200, restClient.server().configuration());
        Assertions.assertTrue(Json.read(Common.assertStatus(200, restClient.server().listConnections(true))).isArray());
    }

    @Test
    public void testRestNonAdminsMustNotAdminServer() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get();
            Common.assertStatus(403, restClient.server().report());
            Common.assertStatus(403, restClient.server().connectorStop("endpoint-default"));
            Common.assertStatus(403, restClient.server().connectorStart("endpoint-default"));
            Common.assertStatus(403, restClient.server().connectorIpFilterSet("endpoint-default", Collections.emptyList()));
            Common.assertStatus(403, restClient.server().connectorIpFiltersClear("endpoint-default"));
            Common.assertStatus(403, restClient.server().memory());
            Common.assertStatus(403, restClient.server().env());
            Common.assertStatus(403, restClient.server().configuration());
        }
    }

    @Test
    public void testAdminsAccessToPerformXSiteOps() {
        assertXSiteOps(TestUser.ADMIN, 200, 204, 304);
    }

    @Test
    public void testRestNonAdminsMustNotAccessPerformXSiteOps() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            assertXSiteOps((TestUser) it.next(), 403, 403, 403);
        }
    }

    private void assertXSiteOps(TestUser testUser, int i, int i2, int i3) {
        RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).get();
        RestCacheClient cache = restClient.cache("xsite");
        Common.assertStatus(i, cache.takeSiteOffline("NYC"));
        Common.assertStatus(i, cache.bringSiteOnline("NYC"));
        Common.assertStatus(i, cache.cancelPushState("NYC"));
        Common.assertStatus(i, cache.cancelReceiveState("NYC"));
        Common.assertStatus(i, cache.clearPushStateStatus());
        Common.assertStatus(i, cache.pushSiteState("NYC"));
        Common.assertStatus(i, cache.pushStateStatus());
        Common.assertStatus(i, cache.xsiteBackups());
        Common.assertStatus(i, cache.backupStatus("NYC"));
        Common.assertStatus(i, cache.getXSiteTakeOfflineConfig("NYC"));
        Common.assertStatus(i2, cache.updateXSiteTakeOfflineConfig("NYC", 10, 1000L));
        Common.assertStatus(i, cache.xSiteStateTransferMode("NYC"));
        Common.assertStatus(i3, cache.xSiteStateTransferMode("NYC", XSiteStateTransferMode.MANUAL));
        RestContainerClient container = restClient.container();
        Common.assertStatus(i, container.bringBackupOnline("NYC"));
        Common.assertStatus(i, container.takeOffline("NYC"));
        Common.assertStatus(i, container.backupStatuses());
    }

    @Test
    public void testRestNonAdminsMustNotPerformSearchActions() {
        Common.assertStatus(200, this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().schemas().put("bank.proto", TestDomainSCI.INSTANCE.getProtoFile()));
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.clustering().cacheMode(CacheMode.DIST_SYNC);
        configurationBuilder.indexing().enable().addIndexedEntity("sample_bank_account.User").statistics().enable();
        RestClient create = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).withServerConfiguration(configurationBuilder).create();
        String methodName = this.ext.getMethodName();
        create.cache(methodName);
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            searchActions((TestUser) it.next(), methodName, 403, 403);
        }
        searchActions(TestUser.ADMIN, methodName, 200, 204);
    }

    private void searchActions(TestUser testUser, String str, int i, int i2) {
        RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).get();
        Common.assertStatus(i, restClient.cache(str).clearSearchStats());
        Common.assertStatus(i2, restClient.cache(str).reindex());
        Common.assertStatus(i2, restClient.cache(str).clearIndex());
    }

    @Test
    public void testRestClusterDistributionPermission() {
        EnumSet of = EnumSet.of(TestUser.ADMIN, TestUser.MONITOR);
        Iterator it = of.iterator();
        while (it.hasNext()) {
            Common.assertStatus(200, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cluster().distribution());
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, (TestUser[]) of.toArray(new TestUser[0]))).iterator();
        while (it2.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().cluster().distribution());
        }
    }

    @Test
    public void testRestServerNodeReport() throws Exception {
        this.ext.assumeContainerMode();
        RestResponse restResponse = (RestResponse) CompletionStages.join(this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().cluster().distribution());
        Assertions.assertEquals(200, restResponse.status());
        List list = (List) Json.read(restResponse.body()).asJsonList().stream().map(json -> {
            return json.at("node_name").asString();
        }).collect(Collectors.toList());
        RestServerClient server = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().server();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            RestResponse restResponse2 = (RestResponse) CompletionStages.join(server.report((String) it.next()));
            try {
                Assertions.assertEquals(200, restResponse2.status());
                Assertions.assertEquals("application/gzip", restResponse2.header("content-type"));
                Assertions.assertTrue(restResponse2.header("Content-Disposition").startsWith("attachment;"));
                assertValidTar(restResponse2.bodyAsStream());
                if (restResponse2 != null) {
                    restResponse2.close();
                }
            } catch (Throwable th) {
                if (restResponse2 != null) {
                    try {
                        restResponse2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        Assertions.assertEquals(404, ((RestResponse) CompletionStages.join(server.report("not-a-node-name"))).status());
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, TestUser.ADMIN)).iterator();
        while (it2.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().server().report(this.ext.getMethodName()));
        }
    }

    @Test
    public void testRestServerGeneralReport() throws Exception {
        this.ext.assumeContainerMode();
        RestResponse restResponse = (RestResponse) CompletionStages.join(this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().server().report());
        try {
            Assertions.assertEquals(200, restResponse.status());
            Assertions.assertEquals("application/gzip", restResponse.header("content-type"));
            Assertions.assertTrue(restResponse.header("Content-Disposition").startsWith("attachment;"));
            assertValidTar(restResponse.bodyAsStream());
            if (restResponse != null) {
                restResponse.close();
            }
            Iterator it = EnumSet.complementOf(EnumSet.of(TestUser.ANONYMOUS, TestUser.ADMIN)).iterator();
            while (it.hasNext()) {
                Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().server().report());
            }
        } catch (Throwable th) {
            if (restResponse != null) {
                try {
                    restResponse.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void assertValidTar(InputStream inputStream) throws Exception {
        long j = 0;
        GZIPInputStream gZIPInputStream = new GZIPInputStream(inputStream);
        try {
            TarArchiveInputStream tarArchiveInputStream = new TarArchiveInputStream(new GzipCompressorInputStream(gZIPInputStream));
            while (true) {
                try {
                    TarArchiveEntry nextEntry = tarArchiveInputStream.getNextEntry();
                    if (nextEntry == null) {
                        tarArchiveInputStream.close();
                        gZIPInputStream.close();
                        org.assertj.core.api.Assertions.assertThat(j).isPositive();
                        return;
                    } else if (!nextEntry.isDirectory()) {
                        j += nextEntry.getSize();
                    }
                } finally {
                }
            }
        } catch (Throwable th) {
            try {
                gZIPInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testRestAdminsMustAccessBackupsAndRestores() {
        String str = "backup";
        RestContainerClient container = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().container();
        Common.assertStatus(202, container.createBackup("backup"));
        File file = (File) Common.awaitStatus(() -> {
            return container.getBackup(str, false);
        }, 202, 200, restResponse -> {
            File file2 = new File(this.ext.getServerDriver().getRootDir(), restResponse.header("Content-Disposition").split("=")[1]);
            try {
                InputStream bodyAsStream = restResponse.bodyAsStream();
                try {
                    Files.copy(bodyAsStream, file2.toPath(), StandardCopyOption.REPLACE_EXISTING);
                    if (bodyAsStream != null) {
                        bodyAsStream.close();
                    }
                    return file2;
                } finally {
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        });
        Common.assertStatus(204, container.deleteBackup("backup"));
        Common.assertStatus(200, container.getBackupNames());
        Common.assertStatus(202, container.restore("backup", file));
        Common.assertStatus(200, container.getRestoreNames());
        Common.awaitStatus(() -> {
            return container.getRestore(str);
        }, 202, 201);
        Common.assertStatus(204, container.deleteRestore("backup"));
    }

    @Test
    public void testRestNonAdminsMustNotAccessBackupsAndRestores() {
        Iterator it = TestUser.NON_ADMINS.iterator();
        while (it.hasNext()) {
            RestContainerClient container = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().container();
            Common.assertStatus(403, container.createBackup("backup"));
            Common.assertStatus(403, container.getBackup("backup", true));
            Common.assertStatus(403, container.getBackupNames());
            Common.assertStatus(403, container.deleteBackup("backup"));
            Common.assertStatus(403, container.restore("restore", "somewhere"));
            Common.assertStatus(403, container.getRestoreNames());
            Common.assertStatus(403, container.getRestore("restore"));
            Common.assertStatus(403, container.deleteRestore("restore"));
        }
    }

    @Test
    public void testRestListenSSEAuthorizations() throws Exception {
        RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get();
        WeakSSEListener weakSSEListener = new WeakSSEListener();
        Closeable listen = restClient.raw().listen("/rest/v2/container?action=listen", Collections.emptyMap(), weakSSEListener);
        try {
            Assertions.assertTrue(weakSSEListener.await(10L, TimeUnit.SECONDS));
            if (listen != null) {
                listen.close();
            }
            Iterator it = TestUser.NON_ADMINS.iterator();
            while (it.hasNext()) {
                TestUser testUser = (TestUser) it.next();
                final CountDownLatch countDownLatch = new CountDownLatch(1);
                RestClient restClient2 = this.ext.rest().withClientConfiguration(this.restBuilders.get(testUser)).get();
                listen = restClient2.raw().listen("/rest/v2/container?action=listen", Collections.emptyMap(), new WeakSSEListener() { // from class: org.infinispan.server.security.authorization.RESTAuthorizationTest.1
                    public void onError(Throwable th, RestResponseInfo restResponseInfo) {
                        if (restResponseInfo.status() == 403) {
                            countDownLatch.countDown();
                        }
                    }
                });
                try {
                    Assertions.assertTrue(countDownLatch.await(10L, TimeUnit.SECONDS));
                    if (listen != null) {
                        listen.close();
                    }
                } finally {
                }
            }
        } finally {
        }
    }

    @Test
    public void testConsoleLogin() {
        Iterator it = TestUser.ALL.iterator();
        while (it.hasNext()) {
            TestUser testUser = (TestUser) it.next();
            RestClientConfiguration build = this.restBuilders.get(testUser).build();
            boolean z = !build.security().authentication().mechanism().equals("SPNEGO");
            RestClientConfigurationBuilder followRedirects = new RestClientConfigurationBuilder().read(build, Combine.DEFAULT).clearServers().followRedirects(z);
            InetSocketAddress serverSocket = this.ext.getServerDriver().getServerSocket(0, 11222);
            followRedirects.addServer().host(serverSocket.getHostName()).port(serverSocket.getPort());
            RestClient restClient = this.ext.rest().withClientConfiguration(followRedirects).get();
            Common.assertStatus(z ? 200 : 307, restClient.raw().get("/rest/v2/login"));
            Assertions.assertEquals(this.serverPrincipal.apply(testUser), ((Json) ((Json) Json.read(Common.assertStatus(200, restClient.raw().get("/rest/v2/security/user/acl"))).asJsonMap().get("subject")).asJsonList().get(0)).asMap().get("name"));
        }
    }

    @Test
    public void testRestCacheNames() {
        RestResponse restResponse;
        restCreateAuthzCache("admin", "observer", "deployer");
        String methodName = this.ext.getMethodName();
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.OBSERVER, TestUser.DEPLOYER).iterator();
        while (it.hasNext()) {
            restResponse = (RestResponse) CompletionStages.join(this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().caches());
            try {
                Assertions.assertEquals(200, restResponse.status());
                Set set = (Set) Json.read(restResponse.body()).asJsonList().stream().map((v0) -> {
                    return v0.asString();
                }).collect(Collectors.toSet());
                Assertions.assertTrue(set.contains(methodName), set.toString());
                if (restResponse != null) {
                    restResponse.close();
                }
            } finally {
            }
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ADMIN, TestUser.OBSERVER, TestUser.DEPLOYER, TestUser.ANONYMOUS)).iterator();
        while (it2.hasNext()) {
            restResponse = (RestResponse) CompletionStages.join(this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().caches());
            try {
                Assertions.assertEquals(200, restResponse.status());
                Set set2 = (Set) Json.read(restResponse.body()).asJsonList().stream().map((v0) -> {
                    return v0.asString();
                }).collect(Collectors.toSet());
                Assertions.assertFalse(set2.contains(methodName), set2.toString());
                if (restResponse != null) {
                    restResponse.close();
                }
            } finally {
            }
        }
    }

    @Test
    public void testBulkReadUsersCanQuery() {
        createIndexedCache();
        Iterator it = EnumSet.of(TestUser.ADMIN, TestUser.DEPLOYER, TestUser.APPLICATION, TestUser.OBSERVER).iterator();
        while (it.hasNext()) {
            RestCacheClient cache = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName());
            Common.assertStatus(200, cache.query("FROM sample_bank_account.User WHERE name = 'Tom'"));
            Common.assertStatus(200, cache.searchStats());
            Common.assertStatus(200, cache.indexStats());
            Common.assertStatus(200, cache.queryStats());
        }
    }

    @Test
    public void testNonBulkReadUsersCannotQuery() {
        createIndexedCache();
        Iterator it = EnumSet.of(TestUser.READER, TestUser.WRITER, TestUser.MONITOR).iterator();
        while (it.hasNext()) {
            RestCacheClient cache = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().cache(this.ext.getMethodName());
            Common.assertStatus(403, cache.query("FROM sample_bank_account.User WHERE name = 'Tom'"));
            Common.assertStatus(200, cache.searchStats());
            Common.assertStatus(200, cache.indexStats());
            Common.assertStatus(200, cache.queryStats());
        }
    }

    @Test
    public void testFlushACL() {
        Iterator it = EnumSet.of(TestUser.ADMIN).iterator();
        while (it.hasNext()) {
            Common.assertStatus(204, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().security().flushCache());
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ADMIN, TestUser.ANONYMOUS)).iterator();
        while (it2.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().security().flushCache());
        }
    }

    @Test
    public void testRoleManipulation() {
        Iterator it = EnumSet.of(TestUser.ADMIN).iterator();
        while (it.hasNext()) {
            RestSecurityClient security = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().security();
            Common.assertStatus(200, security.listUsers());
            Common.assertStatus(204, security.createRole("myrole", "my-role description", List.of("ALL_READ", "ALL_WRITE")));
            Json read = Json.read(Common.assertStatus(200, security.describeRole("myrole")));
            Assertions.assertEquals("myrole", read.at("name").asString());
            Assertions.assertEquals("my-role description", read.at("description").asString());
            Assertions.assertFalse(read.at("implicit").asBoolean());
            List asJsonList = read.at("permissions").asJsonList();
            Assertions.assertEquals(2, asJsonList.size());
            Assertions.assertTrue(((Set) asJsonList.stream().map((v0) -> {
                return v0.asString();
            }).collect(Collectors.toSet())).containsAll(List.of("ALL_READ", "ALL_WRITE")), asJsonList.toString());
            RestResponse restResponse = (RestResponse) Common.sync(security.grant("myuser", List.of("myrole")));
            try {
                if (restResponse.status() == 204) {
                    Common.assertStatusAndBodyEquals(200, "[\"myrole\"]", security.listRoles("myuser"));
                    CompletionStage listRoles = security.listRoles();
                    ResponseAssertion.assertThat(listRoles).isOk();
                    ResponseAssertion.assertThat(listRoles).hasReturnedText("[\"observer\",\"application\",\"reader\",\"admin\",\"monitor\",\"deployer\",\"writer\",\"myrole\"]");
                    CompletionStage listRoles2 = security.listRoles(true);
                    ResponseAssertion.assertThat(listRoles2).isOk();
                    ResponseAssertion.assertThat(listRoles2).containsInAnyOrderReturnedText(new String[]{"admin", "permissions", "inheritable", "implicit", "description"});
                    Common.assertStatus(204, security.deny("myuser", List.of("myrole")));
                }
                if (restResponse != null) {
                    restResponse.close();
                }
            } catch (Throwable th) {
                if (restResponse != null) {
                    try {
                        restResponse.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        Iterator it2 = EnumSet.complementOf(EnumSet.of(TestUser.ADMIN, TestUser.ANONYMOUS)).iterator();
        while (it2.hasNext()) {
            RestSecurityClient security2 = this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it2.next())).get().security();
            Common.assertStatus(403, security2.listUsers());
            Common.assertStatus(403, security2.createRole("myrole", "description", List.of("ALL_READ", "ALL_WRITE")));
            Common.assertStatus(403, security2.describeRole("myrole"));
            Common.assertStatus(403, security2.grant("myuser", List.of("myrole")));
            Common.assertStatus(403, security2.listRoles("myuser"));
            Common.assertStatus(403, security2.deny("myuser", List.of("myrole")));
            Common.assertStatus(403, security2.listRoles());
            Common.assertStatus(403, security2.listRoles(true));
        }
    }

    @Test
    public void overviewReport() {
        Common.assertStatus(200, this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().server().overviewReport());
        Iterator it = EnumSet.complementOf(EnumSet.of(TestUser.ADMIN, TestUser.ANONYMOUS)).iterator();
        while (it.hasNext()) {
            Common.assertStatus(403, this.ext.rest().withClientConfiguration(this.restBuilders.get((TestUser) it.next())).get().server().overviewReport());
        }
    }

    @Test
    public void updateConfigurationAttribute() {
        RestEntity create = RestEntity.create(MediaType.APPLICATION_XML, "<?xml version=\"1.0\"?>\n<local-cache name=\"bla\" statistics=\"true\">\n  <encoding media-type=\"application/x-protostream\"/>\n</local-cache>");
        RestCacheClient cache = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get().cache("bla");
        ResponseAssertion.assertThat(cache.createWithConfiguration(create, new CacheContainerAdmin.AdminFlag[0])).isOk();
        ResponseAssertion.assertThat(cache.updateConfigurationAttribute("tracing.categories", new String[]{"cluster x-site"})).isOk();
    }

    private void createIndexedCache() {
        String protoFile = TestDomainSCI.INSTANCE.getProtoFile();
        RestClient restClient = this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).get();
        Common.assertStatus(204, restClient.cache("___protobuf_metadata").put("bank.proto", protoFile));
        Common.assertStatus(200, restClient.cache(this.ext.getMethodName()).createWithConfiguration(RestEntity.create(MediaType.APPLICATION_JSON, "{\"distributed-cache\":{\"statistics\":true,\"encoding\":{\"media-type\":\"application/x-protostream\"},\"indexing\":{\"enabled\":true,\"storage\":\"local-heap\",\"indexed-entities\":[\"sample_bank_account.User\"]},\"security\":{\"authorization\":{}}}}"), new CacheContainerAdmin.AdminFlag[0]));
    }

    private RestClient restCreateAuthzCache(String... strArr) {
        return restCreateAuthzCache(CacheMode.DIST_SYNC, strArr);
    }

    private RestClient restCreateAuthzLocalCache(String... strArr) {
        return restCreateAuthzCache(CacheMode.LOCAL, strArr);
    }

    private RestClient restCreateAuthzCache(CacheMode cacheMode, String... strArr) {
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        AuthorizationConfigurationBuilder enable = configurationBuilder.clustering().cacheMode(cacheMode).security().authorization().enable();
        if (strArr != null) {
            for (String str : strArr) {
                enable.role(str);
            }
        }
        return this.ext.rest().withClientConfiguration(this.restBuilders.get(TestUser.ADMIN)).withServerConfiguration(configurationBuilder).create();
    }
}
