package org.apache.pinot.broker.broker;

import com.google.common.collect.ArrayListMultimap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.ws.rs.WebApplicationException;
import org.apache.pinot.broker.api.AccessControl;
import org.apache.pinot.broker.api.HttpRequesterIdentity;
import org.apache.pinot.broker.api.RequesterIdentity;
import org.apache.pinot.common.request.BrokerRequest;
import org.apache.pinot.common.request.QuerySource;
import org.apache.pinot.spi.auth.AuthorizationResult;
import org.apache.pinot.spi.auth.TableAuthorizationResult;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/pinot/broker/broker/BasicAuthAccessControlTest.class */
public class BasicAuthAccessControlTest {
    private static final String TOKEN_USER = "Basic dXNlcjpzZWNyZXQ";
    private static final String TOKEN_ADMIN = "Basic YWRtaW46dmVyeXNlY3JldA";
    private static final String HEADER_AUTHORIZATION = "authorization";
    private AccessControl _accessControl;
    Set<String> _tableNames;

    @BeforeClass
    public void setup() {
        HashMap hashMap = new HashMap();
        hashMap.put("principals", "admin,user");
        hashMap.put("principals.admin.password", "verysecret");
        hashMap.put("principals.user.password", "secret");
        hashMap.put("principals.user.tables", "lessImportantStuff,lesserImportantStuff,leastImportantStuff");
        this._tableNames = new HashSet();
        this._tableNames.add("lessImportantStuff");
        this._tableNames.add("lesserImportantStuff");
        this._tableNames.add("leastImportantStuff");
        BasicAuthAccessControlFactory basicAuthAccessControlFactory = new BasicAuthAccessControlFactory();
        basicAuthAccessControlFactory.init(new PinotConfiguration(hashMap));
        this._accessControl = basicAuthAccessControlFactory.create();
    }

    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void testNullEntity() {
        this._accessControl.authorize((RequesterIdentity) null, (BrokerRequest) null);
    }

    @Test
    public void testNullToken() {
        ArrayListMultimap create = ArrayListMultimap.create();
        HttpRequesterIdentity httpRequesterIdentity = new HttpRequesterIdentity();
        httpRequesterIdentity.setHttpHeaders(create);
        try {
            this._accessControl.authorize(httpRequesterIdentity, (BrokerRequest) null);
        } catch (WebApplicationException e) {
            Assert.assertEquals(e.getResponse().getStatus(), 401, "must return 401");
        }
    }

    @Test
    public void testAllow() {
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put(HEADER_AUTHORIZATION, TOKEN_USER);
        HttpRequesterIdentity httpRequesterIdentity = new HttpRequesterIdentity();
        httpRequesterIdentity.setHttpHeaders(create);
        QuerySource querySource = new QuerySource();
        querySource.setTableName("lessImportantStuff");
        BrokerRequest brokerRequest = new BrokerRequest();
        brokerRequest.setQuerySource(querySource);
        Assert.assertTrue(this._accessControl.authorize(httpRequesterIdentity, brokerRequest).hasAccess());
        Assert.assertTrue(this._accessControl.authorize(httpRequesterIdentity, this._tableNames).hasAccess());
    }

    @Test
    public void testDeny() {
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put(HEADER_AUTHORIZATION, TOKEN_USER);
        HttpRequesterIdentity httpRequesterIdentity = new HttpRequesterIdentity();
        httpRequesterIdentity.setHttpHeaders(create);
        QuerySource querySource = new QuerySource();
        querySource.setTableName("veryImportantStuff");
        BrokerRequest brokerRequest = new BrokerRequest();
        brokerRequest.setQuerySource(querySource);
        AuthorizationResult authorize = this._accessControl.authorize(httpRequesterIdentity, brokerRequest);
        Assert.assertFalse(authorize.hasAccess());
        Assert.assertEquals(authorize.getFailureMessage(), "Authorization Failed for tables: [veryImportantStuff]");
        HashSet hashSet = new HashSet();
        hashSet.add("veryImportantStuff");
        TableAuthorizationResult authorize2 = this._accessControl.authorize(httpRequesterIdentity, hashSet);
        Assert.assertFalse(authorize2.hasAccess());
        Assert.assertEquals(authorize2.getFailureMessage(), "Authorization Failed for tables: [veryImportantStuff]");
        hashSet.add("lessImportantStuff");
        TableAuthorizationResult authorize3 = this._accessControl.authorize(httpRequesterIdentity, hashSet);
        Assert.assertFalse(authorize3.hasAccess());
        Assert.assertEquals(authorize3.getFailureMessage(), "Authorization Failed for tables: [veryImportantStuff]");
        hashSet.add("lesserImportantStuff");
        TableAuthorizationResult authorize4 = this._accessControl.authorize(httpRequesterIdentity, hashSet);
        Assert.assertFalse(authorize4.hasAccess());
        Assert.assertEquals(authorize4.getFailureMessage(), "Authorization Failed for tables: [veryImportantStuff]");
    }

    @Test
    public void testAllowAll() {
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put(HEADER_AUTHORIZATION, TOKEN_ADMIN);
        HttpRequesterIdentity httpRequesterIdentity = new HttpRequesterIdentity();
        httpRequesterIdentity.setHttpHeaders(create);
        QuerySource querySource = new QuerySource();
        querySource.setTableName("veryImportantStuff");
        BrokerRequest brokerRequest = new BrokerRequest();
        brokerRequest.setQuerySource(querySource);
        AuthorizationResult authorize = this._accessControl.authorize(httpRequesterIdentity, brokerRequest);
        Assert.assertTrue(authorize.hasAccess());
        Assert.assertEquals(authorize.getFailureMessage(), "");
        HashSet hashSet = new HashSet();
        hashSet.add("lessImportantStuff");
        hashSet.add("veryImportantStuff");
        hashSet.add("lesserImportantStuff");
        TableAuthorizationResult authorize2 = this._accessControl.authorize(httpRequesterIdentity, hashSet);
        Assert.assertTrue(authorize2.hasAccess());
        Assert.assertEquals(authorize2.getFailureMessage(), "");
    }

    @Test
    public void testAllowNonTable() {
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put(HEADER_AUTHORIZATION, TOKEN_USER);
        HttpRequesterIdentity httpRequesterIdentity = new HttpRequesterIdentity();
        httpRequesterIdentity.setHttpHeaders(create);
        Assert.assertTrue(this._accessControl.authorize(httpRequesterIdentity, new BrokerRequest()).hasAccess());
        Assert.assertTrue(this._accessControl.authorize(httpRequesterIdentity, new HashSet()).hasAccess());
    }

    @Test
    public void testNormalizeToken() {
        ArrayListMultimap create = ArrayListMultimap.create();
        create.put(HEADER_AUTHORIZATION, "  Basic dXNlcjpzZWNyZXQ== ");
        HttpRequesterIdentity httpRequesterIdentity = new HttpRequesterIdentity();
        httpRequesterIdentity.setHttpHeaders(create);
        QuerySource querySource = new QuerySource();
        querySource.setTableName("lessImportantStuff");
        BrokerRequest brokerRequest = new BrokerRequest();
        brokerRequest.setQuerySource(querySource);
        Assert.assertTrue(this._accessControl.authorize(httpRequesterIdentity, brokerRequest).hasAccess());
        Assert.assertTrue(this._accessControl.authorize(httpRequesterIdentity, this._tableNames).hasAccess());
    }
}
