package org.apache.pulsar.client.api;

import com.google.common.collect.Sets;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import javax.crypto.SecretKey;
import javax.ws.rs.InternalServerErrorException;
import org.apache.pulsar.broker.authentication.AuthenticationProviderBasic;
import org.apache.pulsar.broker.authentication.AuthenticationProviderTls;
import org.apache.pulsar.broker.authentication.AuthenticationProviderToken;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationBasic;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.Policies;
import org.apache.pulsar.common.policies.data.TenantInfoImpl;
import org.apache.zookeeper.KeeperException;
import org.awaitility.Awaitility;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

@Test(groups = {"broker-api"})
/* loaded from: input_file:org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.class */
public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatedProducerConsumerTest.class);
    private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
    private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
    private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
    private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
    private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
    private final String BASIC_CONF_FILE_PATH = "./src/test/resources/authentication/basic/.htpasswd";
    private final SecretKey SECRET_KEY = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
    private final String ADMIN_TOKEN = AuthTokenUtils.createToken(this.SECRET_KEY, "admin", Optional.empty());
    private final Authentication tlsAuth = new AuthenticationTls("./src/test/resources/authentication/tls/client-cert.pem", "./src/test/resources/authentication/tls/client-key.pem");
    private final Authentication tokenAuth = new AuthenticationToken(this.ADMIN_TOKEN);

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeMethod
    protected void setup() throws Exception {
        if (this.methodName.equals("testAnonymousSyncProducerAndConsumer")) {
            this.conf.setAnonymousUserRole("anonymousUser");
        }
        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);
        this.conf.setBrokerServicePortTls(Optional.of(0));
        this.conf.setWebServicePortTls(Optional.of(0));
        this.conf.setTlsTrustCertsFilePath("./src/test/resources/authentication/tls/cacert.pem");
        this.conf.setTlsCertificateFilePath("./src/test/resources/authentication/tls/broker-cert.pem");
        this.conf.setTlsKeyFilePath("./src/test/resources/authentication/tls/broker-key.pem");
        this.conf.setTlsAllowInsecureConnection(true);
        this.conf.setTopicLevelPoliciesEnabled(false);
        HashSet hashSet = new HashSet();
        hashSet.add("localhost");
        hashSet.add("superUser");
        hashSet.add("superUser2");
        hashSet.add("admin");
        this.conf.setSuperUserRoles(hashSet);
        this.conf.setBrokerClientTlsEnabled(true);
        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
        this.conf.setBrokerClientAuthenticationParameters("tlsCertFile:./src/test/resources/authentication/tls/client-cert.pem,tlsKeyFile:./src/test/resources/authentication/tls/client-key.pem");
        HashSet hashSet2 = new HashSet();
        hashSet2.add(AuthenticationProviderTls.class.getName());
        System.setProperty("pulsar.auth.basic.conf", "./src/test/resources/authentication/basic/.htpasswd");
        hashSet2.add(AuthenticationProviderBasic.class.getName());
        Properties properties = new Properties();
        properties.setProperty("tokenSecretKey", AuthTokenUtils.encodeKeyBase64(this.SECRET_KEY));
        this.conf.setProperties(properties);
        hashSet2.add(AuthenticationProviderToken.class.getName());
        this.conf.setAuthenticationProviders(hashSet2);
        this.conf.setClusterName("test");
        this.conf.setNumExecutorThreadPoolSize(5);
        super.init();
    }

    protected final void internalSetup(Authentication authentication) throws Exception {
        this.admin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrlTls.toString()).tlsTrustCertsFilePath("./src/test/resources/authentication/tls/cacert.pem").allowTlsInsecureConnection(true).authentication(authentication).build());
        replacePulsarClient(PulsarClient.builder().serviceUrl(this.methodName.equals("testBasicCryptSyncProducerAndConsumer") ? this.pulsar.getWebServiceAddressTls() : this.pulsar.getBrokerServiceUrlTls()).statsInterval(0L, TimeUnit.SECONDS).tlsTrustCertsFilePath("./src/test/resources/authentication/tls/cacert.pem").allowTlsInsecureConnection(true).authentication(authentication).enableTls(true));
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(name = "batch")
    public Object[][] codecProvider() {
        return new Object[]{new Object[]{0}, new Object[]{1000}};
    }

    private void testSyncProducerAndConsumer(int i) throws Exception {
        Consumer subscribe = this.pulsarClient.newConsumer().topic(new String[]{"persistent://my-property/my-ns/my-topic"}).subscriptionName("my-subscriber-name").subscribe();
        ProducerBuilder producerBuilder = this.pulsarClient.newProducer().topic("persistent://my-property/my-ns/my-topic");
        if (i != 0) {
            producerBuilder.enableBatching(true);
            producerBuilder.batchingMaxPublishDelay(i, TimeUnit.MILLISECONDS);
            producerBuilder.batchingMaxMessages(5);
        }
        Producer create = producerBuilder.create();
        for (int i2 = 0; i2 < 10; i2++) {
            create.send(("my-message-" + i2).getBytes());
        }
        Message message = null;
        HashSet hashSet = new HashSet();
        for (int i3 = 0; i3 < 10; i3++) {
            message = subscribe.receive(5, TimeUnit.SECONDS);
            String str = new String(message.getData());
            log.debug("Received message: [{}]", str);
            testMessageOrderAndDuplicates(hashSet, str, "my-message-" + i3);
        }
        subscribe.acknowledgeCumulative(message);
        subscribe.close();
    }

    @Test(dataProvider = "batch")
    public void testTlsSyncProducerAndConsumer(int i) throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.pulsar.getWebServiceAddress()).build());
        this.admin.tenants().createTenant("my-property", new TenantInfoImpl(Sets.newHashSet(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"test"})));
        this.admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
        testSyncProducerAndConsumer(i);
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test(dataProvider = "batch")
    public void testBasicCryptSyncProducerAndConsumer(int i) throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        AuthenticationBasic authenticationBasic = new AuthenticationBasic();
        authenticationBasic.configure("{\"userId\":\"superUser\",\"password\":\"supepass\"}");
        internalSetup((Authentication) authenticationBasic);
        this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.pulsar.getWebServiceAddress()).build());
        this.admin.tenants().createTenant("my-property", new TenantInfoImpl(new HashSet(), Sets.newHashSet(new String[]{"test"})));
        this.admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
        testSyncProducerAndConsumer(i);
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test(dataProvider = "batch")
    public void testBasicArp1SyncProducerAndConsumer(int i) throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        AuthenticationBasic authenticationBasic = new AuthenticationBasic();
        authenticationBasic.configure("{\"userId\":\"superUser2\",\"password\":\"superpassword\"}");
        internalSetup((Authentication) authenticationBasic);
        this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.pulsar.getWebServiceAddress()).build());
        this.admin.tenants().createTenant("my-property", new TenantInfoImpl(new HashSet(), Sets.newHashSet(new String[]{"test"})));
        this.admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
        testSyncProducerAndConsumer(i);
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test(dataProvider = "batch")
    public void testAnonymousSyncProducerAndConsumer(int i) throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.brokerUrl.toString()).serviceUrlTls(this.brokerUrlTls.toString()).brokerServiceUrl(this.pulsar.getBrokerServiceUrl()).brokerServiceUrlTls(this.pulsar.getBrokerServiceUrlTls()).build());
        this.admin.tenants().createTenant("my-property", new TenantInfoImpl(Sets.newHashSet(new String[]{"anonymousUser"}), Sets.newHashSet(new String[]{"test"})));
        this.admin.close();
        this.admin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrl.toString()).build());
        this.admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
        this.admin.topics().grantPermission("persistent://my-property/my-ns/my-topic", "anonymousUser", EnumSet.allOf(AuthAction.class));
        replacePulsarClient(PulsarClient.builder().serviceUrl(this.pulsar.getBrokerServiceUrl()).operationTimeout(1, TimeUnit.SECONDS));
        this.pulsarClient.newConsumer().topic(new String[]{"persistent://my-property/my-ns/other-topic"}).subscriptionName("my-subscriber-name").subscribe();
        testSyncProducerAndConsumer(i);
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testAuthenticationFilterNegative() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        try {
            this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.brokerUrl.toString()).serviceUrlTls(this.brokerUrlTls.toString()).brokerServiceUrl(this.pulsar.getBrokerServiceUrl()).brokerServiceUrlTls(this.pulsar.getBrokerServiceUrlTls()).build());
        } catch (PulsarAdminException e) {
            Assert.assertTrue(e.getCause() instanceof InternalServerErrorException);
        }
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testInternalServerExceptionOnLookup() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.brokerUrl.toString()).serviceUrlTls(this.brokerUrlTls.toString()).brokerServiceUrl(this.pulsar.getBrokerServiceUrl()).brokerServiceUrlTls(this.pulsar.getBrokerServiceUrlTls()).build());
        this.admin.tenants().createTenant("my-property", new TenantInfoImpl(Sets.newHashSet(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"test"})));
        this.admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
        String str = "persistent://" + "my-property/my-ns" + "1/topic1";
        this.mockZooKeeperGlobal.setAlwaysFail(KeeperException.Code.SESSIONEXPIRED);
        this.pulsar.getConfiguration().setSuperUserRoles(new HashSet());
        try {
            this.admin.topics().getPartitionedTopicMetadata(str);
        } catch (PulsarAdminException e) {
            Assert.assertTrue(e.getCause() instanceof InternalServerErrorException);
        }
        try {
            this.admin.lookups().lookupTopic(str);
        } catch (PulsarAdminException e2) {
            Assert.assertTrue(e2.getCause() instanceof InternalServerErrorException);
        }
        this.mockZooKeeperGlobal.unsetAlwaysFail();
    }

    @Test
    public void testDeleteAuthenticationPoliciesOfTopic() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        this.admin.clusters().createCluster("test", ClusterData.builder().build());
        this.admin.tenants().createTenant("p1", new TenantInfoImpl(Collections.emptySet(), new HashSet(this.admin.clusters().getClusters())));
        this.admin.namespaces().createNamespace("p1/ns1");
        String str = "persistent://p1/ns1/topic";
        this.admin.topics().createNonPartitionedTopic("persistent://p1/ns1/topic");
        this.admin.topics().grantPermission("persistent://p1/ns1/topic", "test-user", EnumSet.of(AuthAction.consume));
        Awaitility.await().untilAsserted(() -> {
            Assert.assertTrue(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str));
        });
        this.admin.topics().delete("persistent://p1/ns1/topic");
        Awaitility.await().untilAsserted(() -> {
            Assert.assertFalse(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str));
        });
        String str2 = "persistent://p1/ns1/partitioned-topic";
        int i = 5;
        this.admin.topics().createPartitionedTopic("persistent://p1/ns1/partitioned-topic", 5);
        this.admin.topics().grantPermission("persistent://p1/ns1/partitioned-topic", "test-user", EnumSet.of(AuthAction.consume));
        Awaitility.await().untilAsserted(() -> {
            Assert.assertTrue(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str2));
            for (int i2 = 0; i2 < i; i2++) {
                Assert.assertTrue(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(TopicName.get(str2).getPartition(i2).toString()));
            }
        });
        this.admin.topics().deletePartitionedTopic("persistent://p1/ns1/partitioned-topic");
        Awaitility.await().untilAsserted(() -> {
            Assert.assertFalse(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str2));
            for (int i2 = 0; i2 < i; i2++) {
                Assert.assertFalse(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(TopicName.get(str2).getPartition(i2).toString()));
            }
        });
        this.admin.namespaces().deleteNamespace("p1/ns1");
        this.admin.tenants().deleteTenant("p1");
        this.admin.clusters().deleteCluster("test");
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] tlsTransportWithAuth() {
        Supplier supplier = () -> {
            return this.pulsar.getWebServiceAddressTls();
        };
        Supplier supplier2 = () -> {
            return this.pulsar.getBrokerServiceUrlTls();
        };
        return new Object[]{new Object[]{supplier, this.tlsAuth}, new Object[]{supplier2, this.tlsAuth}, new Object[]{supplier, this.tokenAuth}, new Object[]{supplier2, this.tokenAuth}};
    }

    @Test(dataProvider = "tlsTransportWithAuth")
    public void testTlsTransportWithAnyAuth(Supplier<String> supplier, Authentication authentication) throws Exception {
        internalSetup((Authentication) new AuthenticationToken(this.ADMIN_TOKEN));
        this.admin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.pulsar.getWebServiceAddress()).build());
        this.admin.tenants().createTenant("my-property", new TenantInfoImpl(new HashSet(), Sets.newHashSet(new String[]{"test"})));
        this.admin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
        PulsarClient build = PulsarClient.builder().serviceUrl(supplier.get()).tlsTrustCertsFilePath("./src/test/resources/authentication/tls/cacert.pem").tlsTrustCertsFilePath("./src/test/resources/authentication/tls/cacert.pem").tlsKeyFilePath("./src/test/resources/authentication/tls/client-key.pem").tlsCertificateFilePath("./src/test/resources/authentication/tls/client-cert.pem").authentication(authentication).allowTlsInsecureConnection(false).enableTlsHostnameVerification(false).build();
        try {
            Producer create = build.newProducer().topic("persistent://my-property/my-ns/my-topic-1").create();
            if (Collections.singletonList(create).get(0) != null) {
                create.close();
            }
        } finally {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        }
    }

    @Test
    public void testCleanupEmptyTopicAuthenticationMap() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        this.admin.clusters().createCluster("test", ClusterData.builder().build());
        this.admin.tenants().createTenant("p1", new TenantInfoImpl(Collections.emptySet(), new HashSet(this.admin.clusters().getClusters())));
        this.admin.namespaces().createNamespace("p1/ns1");
        String str = "persistent://p1/ns1/topic";
        this.admin.topics().createNonPartitionedTopic("persistent://p1/ns1/topic");
        Assert.assertFalse(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey("persistent://p1/ns1/topic"));
        this.admin.topics().grantPermission("persistent://p1/ns1/topic", "test-user-1", EnumSet.of(AuthAction.consume));
        Awaitility.await().untilAsserted(() -> {
            Assert.assertTrue(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str));
        });
        this.admin.topics().revokePermissions("persistent://p1/ns1/topic", "test-user-1");
        Awaitility.await().untilAsserted(() -> {
            Assert.assertFalse(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str));
        });
        this.admin.topics().grantPermission("persistent://p1/ns1/topic", "test-user-1", EnumSet.of(AuthAction.consume));
        Awaitility.await().untilAsserted(() -> {
            Assert.assertTrue(((Policies) this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1")).get()).auth_policies.getTopicAuthentication().containsKey(str));
        });
    }

    @Test
    public void testCleanupEmptySubscriptionAuthenticationMap() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("tlsCertFile", "./src/test/resources/authentication/tls/client-cert.pem");
        hashMap.put("tlsKeyFile", "./src/test/resources/authentication/tls/client-key.pem");
        AuthenticationTls authenticationTls = new AuthenticationTls();
        authenticationTls.configure(hashMap);
        internalSetup((Authentication) authenticationTls);
        this.admin.clusters().createCluster("test", ClusterData.builder().build());
        this.admin.tenants().createTenant("p1", new TenantInfoImpl(Collections.emptySet(), new HashSet(this.admin.clusters().getClusters())));
        this.admin.namespaces().createNamespace("p1/ns1");
        HashSet hashSet = new HashSet();
        hashSet.add("test-user-1");
        hashSet.add("test-user-2");
        this.admin.namespaces().grantPermissionOnSubscription("p1/ns1", "test-sub-1", hashSet);
        Optional policies = this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1"));
        Assert.assertTrue(policies.isPresent());
        Assert.assertTrue(((Policies) policies.get()).auth_policies.getSubscriptionAuthentication().containsKey("test-sub-1"));
        Assert.assertTrue(((Set) ((Policies) policies.get()).auth_policies.getSubscriptionAuthentication().get("test-sub-1")).contains("test-user-1"));
        Assert.assertTrue(((Set) ((Policies) policies.get()).auth_policies.getSubscriptionAuthentication().get("test-sub-1")).contains("test-user-2"));
        this.admin.namespaces().revokePermissionOnSubscription("p1/ns1", "test-sub-1", "test-user-1");
        Optional policies2 = this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1"));
        Assert.assertTrue(policies2.isPresent());
        Assert.assertTrue(((Policies) policies2.get()).auth_policies.getSubscriptionAuthentication().containsKey("test-sub-1"));
        Assert.assertFalse(((Set) ((Policies) policies2.get()).auth_policies.getSubscriptionAuthentication().get("test-sub-1")).contains("test-user-1"));
        Assert.assertTrue(((Set) ((Policies) policies2.get()).auth_policies.getSubscriptionAuthentication().get("test-sub-1")).contains("test-user-2"));
        this.admin.namespaces().revokePermissionOnSubscription("p1/ns1", "test-sub-1", "test-user-2");
        Optional policies3 = this.pulsar.getPulsarResources().getNamespaceResources().getPolicies(NamespaceName.get("p1/ns1"));
        Assert.assertTrue(policies3.isPresent());
        Assert.assertFalse(((Policies) policies3.get()).auth_policies.getSubscriptionAuthentication().containsKey("test-sub-1"));
    }
}
