package org.apache.pulsar.broker.admin;

import io.jsonwebtoken.Jwts;
import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import java.util.UUID;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.security.MockedPulsarStandalone;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

@Test(groups = {"broker-admin"})
/* loaded from: input_file:org/apache/pulsar/broker/admin/NamespaceAuthZTest.class */
public class NamespaceAuthZTest extends MockedPulsarStandalone {
    private PulsarAdmin superUserAdmin;
    private PulsarAdmin tenantManagerAdmin;
    private static final String TENANT_ADMIN_SUBJECT = UUID.randomUUID().toString();
    private static final String TENANT_ADMIN_TOKEN = Jwts.builder().claim("sub", TENANT_ADMIN_SUBJECT).signWith(SECRET_KEY).compact();

    @BeforeClass
    public void before() {
        configureTokenAuthentication();
        configureDefaultAuthorization();
        start();
        this.superUserAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(SUPER_USER_TOKEN)).build();
        TenantInfo tenantInfo = this.superUserAdmin.tenants().getTenantInfo("public");
        tenantInfo.getAdminRoles().add(TENANT_ADMIN_SUBJECT);
        this.superUserAdmin.tenants().updateTenant("public", tenantInfo);
        this.tenantManagerAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(TENANT_ADMIN_TOKEN)).build();
    }

    @AfterClass
    public void after() {
        if (this.superUserAdmin != null) {
            this.superUserAdmin.close();
        }
        if (this.tenantManagerAdmin != null) {
            this.tenantManagerAdmin.close();
        }
        close();
    }

    @Test
    public void testProperties() {
        String str = "persistent://public/default/" + UUID.randomUUID().toString();
        String uuid = UUID.randomUUID().toString();
        String compact = Jwts.builder().claim("sub", uuid).signWith(SECRET_KEY).compact();
        this.superUserAdmin.topics().createNonPartitionedTopic(str);
        PulsarAdmin build = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(compact)).build();
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("key1", "value1");
            this.superUserAdmin.namespaces().setProperties("public/default", hashMap);
            this.superUserAdmin.namespaces().setProperty("public/default", "key2", "value2");
            this.superUserAdmin.namespaces().getProperties("public/default");
            this.superUserAdmin.namespaces().getProperty("public/default", "key2");
            this.superUserAdmin.namespaces().removeProperty("public/default", "key2");
            this.superUserAdmin.namespaces().clearProperties("public/default");
            this.tenantManagerAdmin.namespaces().setProperties("public/default", hashMap);
            this.tenantManagerAdmin.namespaces().setProperty("public/default", "key2", "value2");
            this.tenantManagerAdmin.namespaces().getProperties("public/default");
            this.tenantManagerAdmin.namespaces().getProperty("public/default", "key2");
            this.tenantManagerAdmin.namespaces().removeProperty("public/default", "key2");
            this.tenantManagerAdmin.namespaces().clearProperties("public/default");
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.namespaces().setProperties("public/default", hashMap);
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.namespaces().setProperty("public/default", "key2", "value2");
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.namespaces().getProperties("public/default");
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.namespaces().getProperty("public/default", "key2");
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.namespaces().removeProperty("public/default", "key2");
            });
            Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                build.namespaces().clearProperties("public/default");
            });
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.namespaces().grantPermissionOnNamespace("public/default", uuid, Set.of(authAction));
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.namespaces().setProperties("public/default", hashMap);
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.namespaces().setProperty("public/default", "key2", "value2");
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.namespaces().getProperties("public/default");
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.namespaces().getProperty("public/default", "key2");
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.namespaces().removeProperty("public/default", "key2");
                });
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
                    build.namespaces().clearProperties("public/default");
                });
                this.superUserAdmin.namespaces().revokePermissionsOnNamespace("public/default", uuid);
            }
            this.superUserAdmin.topics().delete(str, true);
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(build).get(0) != null) {
                build.close();
            }
            throw th;
        }
    }
}
