package org.apache.pulsar.broker.admin;

import io.jsonwebtoken.Jwts;
import java.util.Collections;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.api.Consumer;
import org.apache.pulsar.client.api.Producer;
import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.Schema;
import org.apache.pulsar.client.api.schema.proto.Test;
import org.apache.pulsar.client.api.transaction.Transaction;
import org.apache.pulsar.client.impl.MessageIdImpl;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.naming.SystemTopicNames;
import org.apache.pulsar.common.partition.PartitionedTopicMetadata;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.policies.data.TopicOperation;
import org.apache.pulsar.common.schema.SchemaInfo;
import org.apache.pulsar.common.schema.SchemaType;
import org.apache.pulsar.metadata.api.MetadataStoreException;
import org.apache.pulsar.socks5.auth.DefaultPasswordAuthImpl;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

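/**
 * Authorization tests for the schema and transaction admin APIs.
 *
 * <p>Each row produced by {@link #authFunction()} pairs one admin call with the permission class
 * it is expected to require. {@link #testSchemaAndTransactionAuthorization} replays that call with
 * a freshly minted role and checks the outcome with no grant and under every single
 * {@link AuthAction} grant. The row table is therefore the authorization contract being pinned:
 * changing a row's {@link OperationAuthType} changes what the suite accepts as correct.
 */
@Test(groups = {"broker-admin"})
public class TransactionAndSchemaAuthZTest extends AuthZTest {
    /** Topic shared by every data-provider row; random so reruns do not collide. */
    private final String testTopic = "persistent://public/default/" + UUID.randomUUID().toString();

    /** Permission class an admin call is expected to require. */
    public enum OperationAuthType {
        /** Allowed with a {@code consume} or a {@code produce} grant. */
        Lookup,
        /** Allowed with a {@code produce} grant only. */
        Produce,
        /** Allowed with a {@code consume} grant only. No row in {@link #authFunction()} uses it. */
        Consume,
        /** Never allowed through a topic-level grant. */
        AdminOrSuperUser,
        /** Expected to succeed regardless of which grant is held. */
        NOAuth
    }

    /**
     * One-argument action that may fail with {@link PulsarAdminException}.
     *
     * @param <T> type of the argument handed to the action
     */
    @FunctionalInterface
    public interface ThrowingBiConsumer<T> {
        void accept(T t) throws PulsarAdminException;
    }

    /**
     * Starts a broker with token authentication, default authorization and transactions enabled,
     * then builds the super-user and tenant-admin clients used by the tests.
     *
     * @throws Exception if the broker, the admin clients or the metadata setup fail
     */
    @BeforeClass(alwaysRun = true)
    public void setup() throws Exception {
        configureTokenAuthentication();
        configureDefaultAuthorization();
        enableTransaction();
        start();
        createTransactionCoordinatorAssign(16);

        String webServiceAddress = getPulsarService().getWebServiceAddress();
        this.superUserAdmin = PulsarAdmin.builder()
                .serviceHttpUrl(webServiceAddress)
                .authentication(new AuthenticationToken(SUPER_USER_TOKEN))
                .build();

        // Make TENANT_ADMIN_SUBJECT an admin of the "public" tenant before building its client.
        TenantInfo tenantInfo = this.superUserAdmin.tenants().getTenantInfo("public");
        tenantInfo.getAdminRoles().add(TENANT_ADMIN_SUBJECT);
        this.superUserAdmin.tenants().updateTenant("public", tenantInfo);
        this.tenantManagerAdmin = PulsarAdmin.builder()
                .serviceHttpUrl(webServiceAddress)
                .authentication(new AuthenticationToken(TENANT_ADMIN_TOKEN))
                .build();

        // NOTE(review): DEFAULT_PASSWORD is used here as a tenant *name*, not as a credential.
        // The next line creates "pulsar/system", so the constant presumably equals "pulsar" and
        // was substituted for the literal by the decompiler -- confirm and restore the literal so
        // the test does not depend on a SOCKS5 password default.
        this.superUserAdmin.tenants().createTenant(DefaultPasswordAuthImpl.DEFAULT_PASSWORD, tenantInfo);
        this.superUserAdmin.namespaces().createNamespace("pulsar/system");
    }

    /** Shuts down what {@link #setup()} started by delegating to {@code close()}. */
    @AfterClass(alwaysRun = true)
    public void cleanup() {
        close();
    }

    /**
     * Replaces the broker's {@link AuthorizationService} with a Mockito spy of it so individual
     * tests can observe authorization calls; the original instance is kept for {@link #after()}.
     *
     * @throws IllegalAccessException if the private field cannot be written reflectively
     */
    @Override
    @BeforeMethod
    public void before() throws IllegalAccessException {
        this.orignalAuthorizationService = getPulsarService().getBrokerService().getAuthorizationService();
        this.authorizationService = Mockito.spy(this.orignalAuthorizationService);
        FieldUtils.writeField(getPulsarService().getBrokerService(), "authorizationService",
                this.authorizationService, true);
    }

    /**
     * Puts the original {@link AuthorizationService} back so a spy never leaks into the next test.
     *
     * @throws IllegalAccessException if the private field cannot be written reflectively
     */
    @Override
    @AfterMethod
    public void after() throws IllegalAccessException {
        FieldUtils.writeField(getPulsarService().getBrokerService(), "authorizationService",
                this.orignalAuthorizationService, true);
    }

    /**
     * Creates the partitioned transaction-coordinator-assign system topic directly in the
     * metadata store.
     *
     * @param i number of partitions to create the topic with
     * @throws MetadataStoreException if the metadata store rejects the write
     */
    protected void createTransactionCoordinatorAssign(int i) throws MetadataStoreException {
        getPulsarService().getPulsarResources()
                .getNamespaceResources()
                .getPartitionedTopicResources()
                .createPartitionedTopic(SystemTopicNames.TRANSACTION_COORDINATOR_ASSIGN,
                        new PartitionedTopicMetadata(i));
    }

    /** Builds one data-provider row; gives the lambda its functional-interface target type. */
    private static Object[] row(ThrowingBiConsumer<PulsarAdmin> call, OperationAuthType required) {
        return new Object[]{call, required};
    }

    /**
     * Supplies (admin call, expected permission class) pairs for
     * {@link #testSchemaAndTransactionAuthorization}.
     *
     * <p>Before building the rows it creates the test topic and, as super user, publishes one
     * message and acknowledges it inside an open transaction so the transaction and pending-ack
     * endpoints have state to report. The client, producer and consumer are closed before the rows
     * are handed to TestNG; the rows only keep the transaction id and the message position.
     *
     * @return the row table, one {@code {ThrowingBiConsumer<PulsarAdmin>, OperationAuthType}} per row
     * @throws Exception if the fixture topic, client or transaction cannot be created
     */
    @DataProvider(name = "authFunction")
    public Object[][] authFunction() throws Exception {
        final String subscriptionName = "my-sub";
        createTopic(this.testTopic, false);

        // try-with-resources closes consumer, producer and client in that order, null-safely.
        try (PulsarClient client = PulsarClient.builder()
                     .serviceUrl(getPulsarService().getBrokerServiceUrl())
                     .authentication(new AuthenticationToken(SUPER_USER_TOKEN))
                     .enableTransaction(true)
                     .build();
             Producer<String> producer = client.newProducer(Schema.STRING).topic(this.testTopic).create();
             Consumer<String> consumer = client.newConsumer(Schema.STRING)
                     .topic(this.testTopic)
                     .subscriptionName(subscriptionName)
                     .subscribe()) {

            final Transaction transaction =
                    client.newTransaction().withTransactionTimeout(5L, TimeUnit.MINUTES).build().get();
            final MessageIdImpl messageId =
                    (MessageIdImpl) producer.newMessage().value("test message").send();
            consumer.acknowledgeAsync(messageId, transaction).get();

            return new Object[][]{
                // ---- schema endpoints ----
                row(admin -> admin.schemas().getSchemaInfo(this.testTopic), OperationAuthType.Lookup),
                row(admin -> admin.schemas().getSchemaInfo(this.testTopic, 0L), OperationAuthType.Lookup),
                row(admin -> admin.schemas().getAllSchemas(this.testTopic), OperationAuthType.Lookup),
                row(admin -> admin.schemas().createSchema(this.testTopic,
                        SchemaInfo.builder().type(SchemaType.STRING).build()), OperationAuthType.Produce),
                row(admin -> admin.schemas().testCompatibility(this.testTopic,
                        SchemaInfo.builder().type(SchemaType.STRING).build()),
                        OperationAuthType.AdminOrSuperUser),
                row(admin -> admin.schemas().deleteSchema(this.testTopic),
                        OperationAuthType.AdminOrSuperUser),

                // ---- transaction endpoints ----
                // Most of the rows below are tagged NOAuth. That tag is a statement of policy:
                // review it whenever one of these endpoints starts exposing per-topic or
                // per-transaction detail that should not be readable by every role.
                row(admin -> admin.transactions().abortTransaction(transaction.getTxnID()),
                        OperationAuthType.AdminOrSuperUser),
                row(admin -> admin.transactions().scaleTransactionCoordinators(17),
                        OperationAuthType.AdminOrSuperUser),
                row(admin -> admin.transactions().getCoordinatorInternalStats(1, false),
                        OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getCoordinatorStats(),
                        OperationAuthType.AdminOrSuperUser),
                row(admin -> admin.transactions().getSlowTransactionsByCoordinatorId(1, 5L, TimeUnit.SECONDS),
                        OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getTransactionMetadata(transaction.getTxnID()),
                        OperationAuthType.NOAuth),
                row(admin -> admin.transactions().listTransactionCoordinators(),
                        OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getSlowTransactions(5L, TimeUnit.SECONDS),
                        OperationAuthType.AdminOrSuperUser),
                row(admin -> admin.transactions().getPendingAckInternalStats(this.testTopic,
                        subscriptionName, false), OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getPendingAckStats(this.testTopic,
                        subscriptionName, false), OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getPositionStatsInPendingAck(this.testTopic,
                        subscriptionName, Long.valueOf(messageId.getLedgerId()),
                        Long.valueOf(messageId.getEntryId()), (Integer) null), OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getTransactionBufferInternalStats(this.testTopic, false),
                        OperationAuthType.NOAuth),
                // NOTE(review): the next two pairs are each the same call listed twice; confirm
                // whether a different overload was intended for the second entry of each pair.
                row(admin -> admin.transactions().getTransactionBufferStats(this.testTopic, false),
                        OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getTransactionBufferStats(this.testTopic, false),
                        OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getTransactionInBufferStats(transaction.getTxnID(),
                        this.testTopic), OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getTransactionInBufferStats(transaction.getTxnID(),
                        this.testTopic), OperationAuthType.NOAuth),
                row(admin -> admin.transactions().getTransactionInPendingAckStats(transaction.getTxnID(),
                        this.testTopic, subscriptionName), OperationAuthType.NOAuth),
            };
        }
    }

    /**
     * Checks one admin call against its expected permission class.
     *
     * <ol>
     *   <li>Unless the call is {@code AdminOrSuperUser}, the tenant admin must be able to make it.</li>
     *   <li>Unless the call is {@code NOAuth}, a fresh role with no grants must be rejected with
     *       {@link PulsarAdminException.NotAuthorizedException}.</li>
     *   <li>For every {@link AuthAction}, that single action is granted on the test topic, the call
     *       must succeed or be rejected as {@link #authActionMatchOperation} predicts, and the
     *       grant is revoked again.</li>
     * </ol>
     *
     * <p>NOTE(review): for {@code NOAuth} rows the fresh role is only ever exercised while it
     * holds a grant, and for {@code AdminOrSuperUser} rows no privileged caller is exercised at
     * all. This test alone therefore shows neither that {@code NOAuth} endpoints are open to an
     * ungranted role nor that {@code AdminOrSuperUser} endpoints work for admins; add explicit
     * assertions for whichever policy is intended.
     *
     * @param throwingBiConsumer admin call under test
     * @param operationAuthType permission class the call is expected to require
     * @throws Exception if an admin call fails where success is expected
     */
    @Test(dataProvider = "authFunction")
    public void testSchemaAndTransactionAuthorization(ThrowingBiConsumer<PulsarAdmin> throwingBiConsumer,
                                                      OperationAuthType operationAuthType) throws Exception {
        // A random subject guarantees the role starts with no grants anywhere.
        final String subject = UUID.randomUUID().toString();
        final String token = Jwts.builder().claim("sub", subject).signWith(SECRET_KEY).compact();

        try (PulsarAdmin subAdmin = PulsarAdmin.builder()
                .serviceHttpUrl(getPulsarService().getWebServiceAddress())
                .authentication(new AuthenticationToken(token))
                .build()) {

            if (operationAuthType != OperationAuthType.AdminOrSuperUser) {
                throwingBiConsumer.accept(this.tenantManagerAdmin);
            }

            if (operationAuthType != OperationAuthType.NOAuth) {
                Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
                        () -> throwingBiConsumer.accept(subAdmin));
            }

            // setAuthorizationTopicOperationChecker is defined in AuthZTest (not shown here);
            // presumably the returned flag flips once the spied service is asked about this
            // operation for this subject -- confirm against the base class.
            AtomicBoolean operationChecked = null;
            switch (operationAuthType) {
                case Lookup:
                    operationChecked = setAuthorizationTopicOperationChecker(subject, TopicOperation.LOOKUP);
                    break;
                case Produce:
                    operationChecked = setAuthorizationTopicOperationChecker(subject, TopicOperation.PRODUCE);
                    break;
                case Consume:
                    operationChecked = setAuthorizationTopicOperationChecker(subject, TopicOperation.CONSUME);
                    break;
                default:
                    break;
            }

            // Grant exactly one action at a time so an over-broad check cannot hide behind
            // another grant that happens to be present.
            for (AuthAction authAction : AuthAction.values()) {
                this.superUserAdmin.topics().grantPermission(this.testTopic, subject, Set.of(authAction));
                if (authActionMatchOperation(operationAuthType, authAction)) {
                    throwingBiConsumer.accept(subAdmin);
                } else {
                    Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
                            () -> throwingBiConsumer.accept(subAdmin));
                }
                this.superUserAdmin.topics().revokePermissions(this.testTopic, subject);
            }

            if (operationChecked != null) {
                Assert.assertTrue(operationChecked.get());
            }
        }
    }

    /**
     * Tells whether holding only {@code authAction} on the topic should be enough for a call of
     * the given permission class.
     *
     * @param operationAuthType permission class of the call
     * @param authAction the single action granted to the role
     * @return {@code true} if the call is expected to succeed under that grant
     */
    private boolean authActionMatchOperation(OperationAuthType operationAuthType, AuthAction authAction) {
        switch (operationAuthType) {
            case Lookup:
                return AuthAction.consume == authAction || AuthAction.produce == authAction;
            case Consume:
                return AuthAction.consume == authAction;
            case Produce:
                return AuthAction.produce == authAction;
            case AdminOrSuperUser:
                // No topic-level grant may unlock an admin-only call.
                return false;
            case NOAuth:
                return true;
            default:
                return false;
        }
    }
}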
