package org.apache.pulsar.client.api;

import com.google.common.collect.Sets;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest;
import org.apache.pulsar.broker.authentication.AuthenticationProviderToken;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.broker.authorization.MultiRolesTokenAuthorizationProvider;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminBuilder;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pulsar/client/api/MultiRolesTokenAuthorizationProviderTest.class */
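/**
 * Broker-level test for {@link MultiRolesTokenAuthorizationProvider}.
 *
 * <p>The broker is configured with token authentication and the multi-roles authorization
 * provider, with role names read from the JWT claim {@code roles}. Two tokens are signed with a
 * per-instance HS256 key:
 * <ul>
 *   <li>a super-user token whose role set contains {@code superUser}, the only configured
 *       super-user role;</li>
 *   <li>a normal-user token whose role set contains no configured super-user role and for which
 *       this test grants no permissions.</li>
 * </ul>
 * The positive cases check that admin and produce/consume calls succeed with the first token;
 * the negative cases check that the same calls are rejected with the second.
 *
 * <p>NOTE(review): there is no case here that grants a permission to exactly one role of a
 * multi-role token and checks that only the granted action becomes allowed; only the
 * "super-user" and "nothing granted" ends are covered.
 */
public class MultiRolesTokenAuthorizationProviderTest extends MockedPulsarServiceBaseTest {
    /** Claim name the broker is told to read roles from (see {@code tokenAuthClaim} below). */
    private static final String ROLES_CLAIM = "roles";

    /** Role configured as the broker's only super-user role. */
    private static final String SUPER_USER_ROLE = "superUser";

    // Fresh symmetric key per test instance; shared between token signing and broker validation.
    private final SecretKey secretKey = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
    private final String superUserToken;
    private final String normalUserToken;

    public MultiRolesTokenAuthorizationProviderTest() {
        this.superUserToken = signTokenWithRoles(this.secretKey, "user1", SUPER_USER_ROLE);
        this.normalUserToken = signTokenWithRoles(this.secretKey, "normalUser", "user2", "user5");
    }

    /**
     * Builds a compact JWT whose only claim is {@code roles}, set to the given role names.
     *
     * <p>No {@code exp} or other registered claim is set, so these tokens do not expire. They
     * are meant only for the in-process broker this test starts.
     *
     * @param key   signing key; must be the key the broker validates with
     * @param roles role names to place in the {@code roles} claim
     * @return the signed, serialized token
     */
    private static String signTokenWithRoles(SecretKey key, String... roles) {
        Map<String, Object> claims = new HashMap<>();
        claims.put(ROLES_CLAIM, Sets.newHashSet(roles));
        return Jwts.builder().setClaims(claims).signWith(key).compact();
    }

    /**
     * Enables authentication and authorization on the test broker and wires in the token
     * authentication provider and the multi-roles authorization provider.
     *
     * <p>Declared {@code public} in this listing; a decompiler note on the original says the
     * access modifier was changed from {@code protected}.
     */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void doInitConf() throws Exception {
        super.doInitConf();
        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);

        Set<String> superUserRoles = new HashSet<>();
        superUserRoles.add(SUPER_USER_ROLE);
        this.conf.setSuperUserRoles(superUserRoles);

        // The validation key is handed to the broker inline as a base64 data: URI, and the
        // broker is told to take role names from the "roles" claim.
        Properties tokenProperties = new Properties();
        String encodedKey = Base64.getEncoder().encodeToString(this.secretKey.getEncoded());
        tokenProperties.setProperty("tokenSecretKey", "data:;base64," + encodedKey);
        tokenProperties.setProperty("tokenAuthClaim", ROLES_CLAIM);
        this.conf.setProperties(tokenProperties);

        // The broker's own internal client authenticates with the super-user token.
        this.conf.setBrokerClientAuthenticationPlugin(AuthenticationToken.class.getName());
        this.conf.setBrokerClientAuthenticationParameters(this.superUserToken);

        Set<String> authenticationProviders = new HashSet<>();
        authenticationProviders.add(AuthenticationProviderToken.class.getName());
        this.conf.setAuthenticationProviders(authenticationProviders);
        this.conf.setAuthorizationProvider(MultiRolesTokenAuthorizationProvider.class.getName());
        this.conf.setClusterName(this.configClusterName);
        this.conf.setNumExecutorThreadPoolSize(5);
    }

    /** Starts the mocked broker and registers the test cluster. */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @BeforeClass
    protected void setup() throws Exception {
        super.internalSetup();
        this.admin.clusters().createCluster(
                this.configClusterName,
                ClusterData.builder().serviceUrl(this.brokerUrl.toString()).build());
    }

    /**
     * Tears the mocked broker down once the class's tests have run.
     *
     * <p>This was annotated {@code @BeforeClass}, which scheduled the teardown as a second
     * before-class hook next to {@link #setup()} and left nothing to release the broker
     * afterwards. {@code alwaysRun} keeps the teardown running even when a test fails.
     */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterClass(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    /**
     * Makes the base class's default client authenticate as the super user.
     *
     * <p>Declared {@code public} in this listing; a decompiler note on the original says the
     * access modifier was changed from {@code protected}.
     */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void customizeNewPulsarClientBuilder(ClientBuilder clientBuilder) {
        clientBuilder.authentication(new AuthenticationToken(this.superUserToken));
    }

    /**
     * Makes the base class's default admin client authenticate as the super user.
     *
     * <p>Declared {@code public} in this listing; a decompiler note on the original says the
     * access modifier was changed from {@code protected}.
     */
    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    public void customizeNewPulsarAdminBuilder(PulsarAdminBuilder pulsarAdminBuilder) {
        pulsarAdminBuilder.authentication(new AuthenticationToken(this.superUserToken));
    }

    /**
     * Creates an admin client against the test broker's web address that authenticates with
     * the given token and uses a 3-second request timeout. The caller must close it.
     */
    private PulsarAdmin newPulsarAdmin(String str) throws PulsarClientException {
        return PulsarAdmin.builder()
                .serviceHttpUrl(this.pulsar.getWebServiceAddress())
                .authentication(new AuthenticationToken(str))
                .requestTimeout(3, TimeUnit.SECONDS)
                .build();
    }

    /**
     * Creates a client against the test broker's service URL that authenticates with the given
     * token and uses a 3-second operation timeout. The caller must close it.
     */
    private PulsarClient newPulsarClient(String str) throws PulsarClientException {
        return PulsarClient.builder()
                .serviceUrl(this.pulsar.getBrokerServiceUrl())
                .authentication(new AuthenticationToken(str))
                .operationTimeout(3, TimeUnit.SECONDS)
                .build();
    }

    /** A token carrying the super-user role may perform tenant, namespace and broker admin calls. */
    @Test
    public void testAdminRequestWithSuperUserToken() throws Exception {
        final String tenant = "superuser-admin-tenant";
        final String namespace = tenant + "/" + "superuser-admin-namespace";
        try (PulsarAdmin superAdmin = newPulsarAdmin(this.superUserToken)) {
            superAdmin.tenants().createTenant(
                    tenant,
                    TenantInfo.builder()
                            .allowedClusters(Sets.newHashSet(this.configClusterName))
                            .build());
            superAdmin.namespaces().createNamespace(namespace);
            superAdmin.brokers().getAllDynamicConfigurations();
            superAdmin.tenants().getTenants();
            superAdmin.topics().getList(namespace);
        }
    }

    /** A token carrying the super-user role may produce to and consume from a topic. */
    @Test
    public void testProduceAndConsumeWithSuperUserToken() throws Exception {
        final String tenant = "superuser-client-tenant";
        final String namespace = tenant + "/" + "superuser-client-namespace";
        final String topic = namespace + "/test-topic";
        try (PulsarAdmin superAdmin = newPulsarAdmin(this.superUserToken)) {
            superAdmin.tenants().createTenant(
                    tenant,
                    TenantInfo.builder()
                            .allowedClusters(Sets.newHashSet(this.configClusterName))
                            .build());
            superAdmin.namespaces().createNamespace(namespace);

            // Resources close in reverse order: consumer, producer, client, then admin.
            try (PulsarClient client = newPulsarClient(this.superUserToken);
                    Producer<byte[]> producer = client.newProducer().topic(topic).create()) {
                byte[] payload = "hello".getBytes(StandardCharsets.UTF_8);
                producer.send(payload);
                try (Consumer<byte[]> consumer = client.newConsumer()
                        .topic(topic)
                        .subscriptionInitialPosition(SubscriptionInitialPosition.Earliest)
                        .subscriptionName("test")
                        .subscribe()) {
                    Message<byte[]> received = consumer.receive(3, TimeUnit.SECONDS);
                    Assert.assertNotNull(received);
                    Assert.assertEquals(received.getData(), payload);
                }
            }
        }
    }

    /**
     * A token whose roles include no super-user role must be refused tenant creation with
     * {@link PulsarAdminException.NotAuthorizedException}.
     */
    @Test
    public void testAdminRequestWithNormalUserToken() throws Exception {
        final String tenant = "normaluser-admin-tenant";
        try (PulsarAdmin normalAdmin = newPulsarAdmin(this.normalUserToken)) {
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () ->
                    normalAdmin.tenants().createTenant(
                            tenant,
                            TenantInfo.builder()
                                    .allowedClusters(Sets.newHashSet(this.configClusterName))
                                    .build()));
        }
    }

    /**
     * A token whose roles were granted nothing on the namespace must be refused both producing
     * and subscribing with {@link PulsarClientException.AuthorizationException}.
     *
     * <p>The tenant and namespace are created with the super-user token, so the rejection comes
     * from authorization and not from a missing namespace.
     */
    @Test
    public void testProduceAndConsumeWithNormalUserToken() throws Exception {
        final String tenant = "normaluser-client-tenant";
        final String namespace = tenant + "/" + "normaluser-client-namespace";
        final String topic = namespace + "/test-topic";
        try (PulsarAdmin superAdmin = newPulsarAdmin(this.superUserToken)) {
            superAdmin.tenants().createTenant(
                    tenant,
                    TenantInfo.builder()
                            .allowedClusters(Sets.newHashSet(this.configClusterName))
                            .build());
            superAdmin.namespaces().createNamespace(namespace);

            try (PulsarClient normalClient = newPulsarClient(this.normalUserToken)) {
                Assert.assertThrows(PulsarClientException.AuthorizationException.class, () -> {
                    Producer<byte[]> producer = normalClient.newProducer().topic(topic).create();
                    // Reached only if authorization wrongly succeeded; do not leak the producer.
                    producer.close();
                });
                Assert.assertThrows(PulsarClientException.AuthorizationException.class, () -> {
                    Consumer<byte[]> consumer = normalClient.newConsumer()
                            .topic(topic)
                            .subscriptionInitialPosition(SubscriptionInitialPosition.Earliest)
                            .subscriptionName("test")
                            .subscribe();
                    // Reached only if authorization wrongly succeeded; do not leak the consumer.
                    consumer.close();
                });
            }
        }
    }
}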
