package org.apache.pulsar.broker.admin;

import java.util.Set;
import java.util.UUID;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.policies.data.TenantOperation;
import org.apache.pulsar.security.MockedPulsarStandalone;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

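/**
 * Authorization coverage for the tenant admin endpoints (list, get, update, delete).
 *
 * <p>Each test makes two checks against a standalone broker configured with token
 * authentication and the default authorization provider:
 * <ol>
 *   <li>a super-user call reaches {@link AuthorizationService#allowTenantOperationAsync} with the
 *       expected tenant name and {@link TenantOperation}, so the endpoint is known to consult
 *       the authorization layer rather than merely happening to succeed;</li>
 *   <li>the same call made with a token that has no grants is rejected with
 *       {@link PulsarAdminException.NotAuthorizedException}.</li>
 * </ol>
 *
 * <p>The broker's {@code authorizationService} field is replaced by a Mockito spy before every
 * test method and restored afterwards, so recorded invocations never leak between tests.
 */
@Test(groups = {"broker-admin"})
public class TenantEndpointsAuthorizationTest extends MockedPulsarStandalone {
    /** Tenant the get/update tests operate on. */
    private static final String PUBLIC_TENANT = "public";

    /** Name of the broker-service field that is swapped for the spy via reflection. */
    private static final String AUTHORIZATION_SERVICE_FIELD = "authorizationService";

    // Real service captured in before() so after() can put it back.
    private AuthorizationService originalAuthorizationService;
    // Spy wrapping the real service; decisions are still made by the real implementation.
    private AuthorizationService spyAuthorizationService;
    // Client authenticated with SUPER_USER_TOKEN.
    private PulsarAdmin superUserAdmin;
    // Client authenticated with NOBODY_TOKEN, used for the negative checks.
    private PulsarAdmin nobodyAdmin;

    /** Starts the broker with token authentication and builds one admin client per identity. */
    @BeforeClass(alwaysRun = true)
    public void setup() {
        configureTokenAuthentication();
        configureDefaultAuthorization();
        start();
        this.superUserAdmin = PulsarAdmin.builder()
                .serviceHttpUrl(getPulsarService().getWebServiceAddress())
                .authentication(new AuthenticationToken(SUPER_USER_TOKEN))
                .build();
        this.nobodyAdmin = PulsarAdmin.builder()
                .serviceHttpUrl(getPulsarService().getWebServiceAddress())
                .authentication(new AuthenticationToken(NOBODY_TOKEN))
                .build();
    }

    /**
     * Installs a fresh spy around the broker's authorization service.
     *
     * @throws IllegalAccessException if the reflective field write is refused
     */
    @BeforeMethod(alwaysRun = true)
    public void before() throws IllegalAccessException {
        this.originalAuthorizationService = getPulsarService().getBrokerService().getAuthorizationService();
        this.spyAuthorizationService = Mockito.spy(this.originalAuthorizationService);
        FieldUtils.writeField(getPulsarService().getBrokerService(), AUTHORIZATION_SERVICE_FIELD,
                this.spyAuthorizationService, true);
    }

    /**
     * Restores the real authorization service so the spy does not outlive the test method.
     *
     * @throws IllegalAccessException if the reflective field write is refused
     */
    @AfterMethod(alwaysRun = true)
    public void after() throws IllegalAccessException {
        if (this.originalAuthorizationService != null) {
            FieldUtils.writeField(getPulsarService().getBrokerService(), AUTHORIZATION_SERVICE_FIELD,
                    this.originalAuthorizationService, true);
        }
    }

    /** Closes both admin clients and shuts the broker down. */
    @AfterClass(alwaysRun = true)
    public void cleanup() {
        try {
            if (this.superUserAdmin != null) {
                this.superUserAdmin.close();
                this.superUserAdmin = null;
            }
            // The unprivileged client holds its own HTTP resources and must be closed as well.
            if (this.nobodyAdmin != null) {
                this.nobodyAdmin.close();
                this.nobodyAdmin = null;
            }
        } finally {
            // Shut the broker down even when closing a client fails.
            this.spyAuthorizationService = null;
            this.originalAuthorizationService = null;
            super.close();
        }
    }

    /**
     * Listing tenants must be authorized as {@link TenantOperation#LIST_TENANTS} with no tenant
     * name, and must be refused for the unprivileged token.
     */
    @Test
    public void testListTenants() throws PulsarAdminException {
        this.superUserAdmin.tenants().getTenants();
        verifyAuthorizationChecked(null, TenantOperation.LIST_TENANTS);

        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
                () -> this.nobodyAdmin.tenants().getTenants());
    }

    /**
     * Reading a tenant must be authorized as {@link TenantOperation#GET_TENANT} for that tenant,
     * and must be refused for the unprivileged token.
     */
    @Test
    public void testGetTenant() throws PulsarAdminException {
        this.superUserAdmin.tenants().getTenantInfo(PUBLIC_TENANT);
        verifyAuthorizationChecked(PUBLIC_TENANT, TenantOperation.GET_TENANT);

        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
                () -> this.nobodyAdmin.tenants().getTenantInfo(PUBLIC_TENANT));
    }

    /**
     * Updating a tenant must be authorized as {@link TenantOperation#UPDATE_TENANT} for that
     * tenant, and must be refused for the unprivileged token.
     */
    @Test
    public void testUpdateTenant() throws PulsarAdminException {
        TenantInfo update = TenantInfo.builder()
                .allowedClusters(Set.of(getPulsarService().getConfiguration().getClusterName()))
                .adminRoles(Set.of("example"))
                .build();
        this.superUserAdmin.tenants().updateTenant(PUBLIC_TENANT, update);
        verifyAuthorizationChecked(PUBLIC_TENANT, TenantOperation.UPDATE_TENANT);

        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
                () -> this.nobodyAdmin.tenants().updateTenant(PUBLIC_TENANT,
                        TenantInfo.builder().adminRoles(Set.of("example")).build()));
    }

    /**
     * Deleting a tenant must be authorized as {@link TenantOperation#DELETE_TENANT} for that
     * tenant, and must be refused for the unprivileged token.
     */
    @Test
    public void testDeleteTenant() throws PulsarAdminException {
        String tenant = UUID.randomUUID().toString();
        this.superUserAdmin.tenants().createTenant(tenant, TenantInfo.builder()
                .allowedClusters(Set.of(getPulsarService().getConfiguration().getClusterName()))
                .adminRoles(Set.of("example"))
                .build());

        // Attempt the unauthorized delete while the tenant still exists. The super-user delete
        // below then doubles as proof that the rejected request removed nothing: it would fail
        // with a not-found error if the tenant were already gone.
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
                () -> this.nobodyAdmin.tenants().deleteTenant(tenant));

        // Drop the invocations recorded for createTenant and the rejected delete so the
        // verifications below count only the super-user delete.
        Mockito.clearInvocations(this.spyAuthorizationService);
        this.superUserAdmin.tenants().deleteTenant(tenant);
        verifyAuthorizationChecked(tenant, TenantOperation.DELETE_TENANT);
    }

    /**
     * Verifies that the spied authorization service was asked exactly once (Mockito's default
     * verification mode) to authorize {@code operation} on {@code tenant}, and exactly once
     * whether the caller is a super user.
     *
     * @param tenant expected tenant name, or {@code null} when the endpoint is not tenant-scoped
     * @param operation expected tenant operation
     */
    private void verifyAuthorizationChecked(String tenant, TenantOperation operation) {
        // Matchers must be created inline, after verify(), in argument order; hoisting them into
        // locals would register them before the verification starts and Mockito would reject it.
        Mockito.verify(this.spyAuthorizationService).allowTenantOperationAsync(
                tenant == null ? ArgumentMatchers.<String>isNull() : ArgumentMatchers.eq(tenant),
                Mockito.eq(operation),
                ArgumentMatchers.<String>any(),
                ArgumentMatchers.<AuthenticationDataSource>any());
        Mockito.verify(this.spyAuthorizationService).isSuperUser(
                ArgumentMatchers.<String>any(),
                ArgumentMatchers.<AuthenticationDataSource>any());
    }
}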
