package org.infinispan.client.hotrod.tracing;

import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import org.assertj.core.api.Assertions;
import org.infinispan.client.hotrod.test.SingleHotRodServerTest;
import org.infinispan.commons.test.Exceptions;
import org.infinispan.configuration.cache.AuthorizationConfigurationBuilder;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.global.GlobalAuthorizationConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.Security;
import org.infinispan.security.audit.LoggingAuditLogger;
import org.infinispan.security.mappers.IdentityRoleMapper;
import org.infinispan.server.core.telemetry.OpenTelemetryService;
import org.infinispan.server.core.telemetry.inmemory.InMemoryTelemetryClient;
import org.infinispan.server.core.telemetry.inmemory.InMemoryTelemetryService;
import org.infinispan.test.TestingUtil;
import org.infinispan.test.fwk.TestCacheManagerFactory;
import org.testng.annotations.Test;

@Test(groups = {"tracing"}, testName = "org.infinispan.client.hotrod.tracing.TracingSecurityTest")
/* loaded from: input_file:org/infinispan/client/hotrod/tracing/TracingSecurityTest.class */
public class TracingSecurityTest extends SingleHotRodServerTest {
    private final InMemoryTelemetryClient telemetryClient = new InMemoryTelemetryClient();
    private final LoggingAuditLogger auditLogger = new LoggingAuditLogger();
    public static final String ADMIN_ROLE = "admin";
    public static final Subject ADMIN = TestingUtil.makeSubject(new String[]{ADMIN_ROLE});
    public static final String READER_ROLE = "reader";
    public static final Subject READER = TestingUtil.makeSubject(new String[]{READER_ROLE});

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.test.SingleHotRodServerTest
    public EmbeddedCacheManager createCacheManager() throws Exception {
        this.auditLogger.setTelemetryService(new OpenTelemetryService(InMemoryTelemetryService.instance().openTelemetry()));
        GlobalConfigurationBuilder globalConfigurationBuilder = new GlobalConfigurationBuilder();
        GlobalAuthorizationConfigurationBuilder auditLogger = globalConfigurationBuilder.security().authorization().enable().groupOnlyMapping(false).principalRoleMapper(new IdentityRoleMapper()).auditLogger(this.auditLogger);
        ConfigurationBuilder defaultCacheConfiguration = TestCacheManagerFactory.getDefaultCacheConfiguration(true);
        AuthorizationConfigurationBuilder enable = defaultCacheConfiguration.security().authorization().enable();
        auditLogger.role(ADMIN_ROLE).permission(AuthorizationPermission.ALL).role(READER_ROLE).permission(AuthorizationPermission.READ);
        enable.role(ADMIN_ROLE).role(READER_ROLE);
        return TestCacheManagerFactory.createCacheManager(globalConfigurationBuilder, defaultCacheConfiguration);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.test.SingleHotRodServerTest
    public void setup() throws Exception {
        Security.doAs(ADMIN, () -> {
            try {
                this.cacheManager = createCacheManager();
                this.cache = this.cacheManager.getCache();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.infinispan.client.hotrod.test.SingleHotRodServerTest
    public void teardown() {
        this.telemetryClient.reset();
        Security.doAs(ADMIN, () -> {
            super.teardown();
        });
    }

    protected void clearContent() {
        Security.doAs(ADMIN, () -> {
            this.cacheManager.getCache().clear();
        });
    }

    public void testReaderReadAllow() {
        Exceptions.expectException(SecurityException.class, () -> {
            Security.doAs(READER, () -> {
                return this.cacheManager.getCache().put("key", "value");
            });
        });
        Security.doAs(ADMIN, () -> {
            return this.cacheManager.getCache().put("key", "value");
        });
        Security.doAs(READER, () -> {
            return this.cacheManager.getCache().get("key");
        });
        eventually(() -> {
            return this.telemetryClient.finishedSpanItems().toString();
        }, () -> {
            List finishedSpanItems = this.telemetryClient.finishedSpanItems();
            if (finishedSpanItems.size() < 5) {
                return false;
            }
            Map aggregateByName = InMemoryTelemetryClient.aggregateByName(finishedSpanItems);
            return !((List) aggregateByName.get("DENY")).isEmpty() && ((List) aggregateByName.get("ALLOW")).size() >= 4;
        }, 10L, TimeUnit.SECONDS);
        Map aggregateByName = InMemoryTelemetryClient.aggregateByName(this.telemetryClient.finishedSpanItems());
        Assertions.assertThat((List) aggregateByName.get("DENY")).hasSize(1);
        Assertions.assertThat((List) aggregateByName.get("ALLOW")).hasSize(4);
    }
}
