package org.apache.ignite.jdbc;

import java.io.File;
import java.security.Permissions;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.ignite.cache.CacheMode;
import org.apache.ignite.cache.CachePeekMode;
import org.apache.ignite.cluster.ClusterState;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.internal.IgniteEx;
import org.apache.ignite.internal.processors.security.AbstractSecurityTest;
import org.apache.ignite.internal.processors.security.impl.TestSecurityData;
import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider;
import org.apache.ignite.internal.util.IgniteUtils;
import org.apache.ignite.plugin.security.SecurityBasicPermissionSet;
import org.apache.ignite.plugin.security.SecurityPermission;
import org.apache.ignite.plugin.security.SecurityPermissionSet;
import org.apache.ignite.plugin.security.SecurityPermissionSetBuilder;
import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Test;

/* loaded from: input_file:org/apache/ignite/jdbc/JdbcAuthorizationTest.class */
public class JdbcAuthorizationTest extends AbstractSecurityTest {
    private static final String TEST_DML_SCHEMA = "test_schema";
    private static final String JDBC_URL_PREFIX = "jdbc:ignite:thin://";
    private static final String TEST_BULKLOAD_CACHE = "test-bulkload-cache";
    private static final String TEST_CREATE_TABLE_CACHE = "test-create-table-cache";
    private static final String TEST_DROP_TABLE_CACHE = "test-drop-table-cache";
    private static final String CACHE_CREATE_SYS_PERM_USER = "cache-create-sys-perm-user";
    private static final String CACHE_DESTROY_SYS_PERMS_USER = "cache-destroy-sys-perm-user";
    private static final String CACHE_CREATE_CACHE_PERMS_USER = "cache-create-cache-perm-user";
    private static final String CACHE_DESTROY_CACHE_PERMS_USER = "cache-destroy-cache-perm-user";
    private static final String CACHE_READ_USER = "cache-read-user";
    private static final String CACHE_PUT_USER = "cache-put-user";
    private static final String CACHE_REMOVE_USER = "cache-remove-user";
    private static final String EMPTY_PERMS_USER = "empty-perms-user";
    private static final String TEST_DML_TABLE = "test_schema." + Integer.class.getSimpleName();
    private static final String BULKLOAD_CSV_FILE = ((File) Objects.requireNonNull(IgniteUtils.resolveIgnitePath("/modules/clients/src/test/resources/bulkload2.csv"))).getAbsolutePath();
    private static final AtomicInteger KEY_CNTR = new AtomicInteger();

    protected void beforeTestsStarted() throws Exception {
        super.beforeTestsStarted();
        IgniteEx startSecurityGrid = startSecurityGrid(0, new TestSecurityData(EMPTY_PERMS_USER, new SecurityBasicPermissionSet()), new TestSecurityData(CACHE_CREATE_SYS_PERM_USER, systemPermissions(SecurityPermission.CACHE_CREATE)), new TestSecurityData(CACHE_DESTROY_SYS_PERMS_USER, systemPermissions(SecurityPermission.CACHE_DESTROY)), new TestSecurityData(CACHE_CREATE_CACHE_PERMS_USER, cachePermissions(TEST_CREATE_TABLE_CACHE, SecurityPermission.CACHE_CREATE)), new TestSecurityData(CACHE_DESTROY_CACHE_PERMS_USER, cachePermissions(TEST_DROP_TABLE_CACHE, SecurityPermission.CACHE_DESTROY)), new TestSecurityData(CACHE_READ_USER, cachePermissions("default", SecurityPermission.CACHE_READ)), new TestSecurityData(CACHE_PUT_USER, SecurityPermissionSetBuilder.create().defaultAllowAll(false).appendCachePermissions("default", new SecurityPermission[]{SecurityPermission.CACHE_PUT}).appendCachePermissions(TEST_BULKLOAD_CACHE, new SecurityPermission[]{SecurityPermission.CACHE_PUT}).build()), new TestSecurityData(CACHE_REMOVE_USER, cachePermissions("default", SecurityPermission.CACHE_REMOVE)));
        startSecurityGrid(1, new TestSecurityData[0]);
        startSecurityGrid.cluster().state(ClusterState.ACTIVE);
        CacheConfiguration cacheConfiguration = new CacheConfiguration("default");
        cacheConfiguration.setIndexedTypes(new Class[]{Integer.class, Integer.class});
        cacheConfiguration.setCacheMode(CacheMode.REPLICATED);
        cacheConfiguration.setSqlSchema(TEST_DML_SCHEMA);
        startSecurityGrid.createCache(cacheConfiguration);
    }

    @Test
    public void testInsert() throws Exception {
        String str = "INSERT INTO " + TEST_DML_TABLE + "(_key, _val) VALUES (" + KEY_CNTR.getAndIncrement() + ", 0);";
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        assertAuthorizationFailed(str, CACHE_READ_USER);
        assertAuthorizationFailed(str, CACHE_REMOVE_USER);
        int size = ignite(0).cache("default").size(new CachePeekMode[0]);
        execute(str, CACHE_PUT_USER);
        assertEquals(size + 1, ignite(0).cache("default").size(new CachePeekMode[0]));
    }

    @Test
    public void testCopyFrom() throws Exception {
        execute("CREATE TABLE test_table_copy_from(id LONG PRIMARY KEY, first_name VARCHAR, last_name VARCHAR, age LONG) WITH \"TEMPLATE=REPLICATED, CACHE_NAME=" + TEST_BULKLOAD_CACHE + "\";", CACHE_CREATE_SYS_PERM_USER);
        String str = "COPY FROM '" + BULKLOAD_CSV_FILE + "' INTO test_table_copy_from(id, age, first_name, last_name) FORMAT csv";
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        assertAuthorizationFailed(str, CACHE_READ_USER);
        assertAuthorizationFailed(str, CACHE_REMOVE_USER);
        assertEquals(0, ignite(0).cache(TEST_BULKLOAD_CACHE).size(new CachePeekMode[0]));
        execute(str, CACHE_PUT_USER);
        assertEquals(2, ignite(0).cache(TEST_BULKLOAD_CACHE).size(new CachePeekMode[0]));
    }

    @Test
    public void testSelect() throws Exception {
        String str = "SELECT _val FROM " + TEST_DML_TABLE + " WHERE _key=" + insertKey() + ";";
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        assertAuthorizationFailed(str, CACHE_REMOVE_USER);
        assertAuthorizationFailed(str, CACHE_PUT_USER);
        execute(str, CACHE_READ_USER);
    }

    @Test
    public void testUpdate() throws Exception {
        String str = "UPDATE " + TEST_DML_TABLE + " SET _val=1 WHERE _key=" + insertKey() + ';';
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        assertAuthorizationFailed(str, CACHE_REMOVE_USER);
        assertAuthorizationFailed(str, CACHE_READ_USER);
        execute(str, CACHE_PUT_USER);
    }

    @Test
    public void testDelete() throws Exception {
        String str = "DELETE FROM " + TEST_DML_TABLE + " WHERE _key=" + insertKey() + ';';
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        assertAuthorizationFailed(str, CACHE_PUT_USER);
        assertAuthorizationFailed(str, CACHE_READ_USER);
        execute(str, CACHE_REMOVE_USER);
    }

    @Test
    public void testMerge() throws Exception {
        String str = "MERGE INTO " + TEST_DML_TABLE + "(_key, _val) VALUES (" + insertKey() + ", 0);";
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        assertAuthorizationFailed(str, CACHE_REMOVE_USER);
        assertAuthorizationFailed(str, CACHE_READ_USER);
        execute(str, CACHE_PUT_USER);
    }

    @Test
    public void testCreateTableSystemPermissions() throws Exception {
        assertAuthorizationFailed("CREATE TABLE sys_perm_table_create(id LONG PRIMARY KEY, val VARCHAR) WITH \"TEMPLATE=REPLICATED\";", EMPTY_PERMS_USER);
        execute("CREATE TABLE sys_perm_table_create(id LONG PRIMARY KEY, val VARCHAR) WITH \"TEMPLATE=REPLICATED\";", CACHE_CREATE_SYS_PERM_USER);
    }

    @Test
    public void testCreateTableCachePermissions() throws Exception {
        assertAuthorizationFailed("CREATE TABLE cache_perm_table_create(id LONG PRIMARY KEY, val VARCHAR) WITH \"TEMPLATE=REPLICATED, CACHE_NAME=test-create-table-cache\";", EMPTY_PERMS_USER);
        execute("CREATE TABLE cache_perm_table_create(id LONG PRIMARY KEY, val VARCHAR) WITH \"TEMPLATE=REPLICATED, CACHE_NAME=test-create-table-cache\";", CACHE_CREATE_CACHE_PERMS_USER);
    }

    @Test
    public void testDropTableSystemPermissions() throws Exception {
        execute("CREATE TABLE test_sys_perm_table_drop(id LONG PRIMARY KEY, val VARCHAR)  WITH \"TEMPLATE=REPLICATED\";", CACHE_CREATE_SYS_PERM_USER);
        String str = "DROP TABLE test_sys_perm_table_drop;";
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        execute(str, CACHE_DESTROY_SYS_PERMS_USER);
    }

    @Test
    public void testDropTableCachePermissions() throws Exception {
        execute("CREATE TABLE test_cache_perm_table_drop(id LONG PRIMARY KEY, val VARCHAR) WITH \"TEMPLATE=REPLICATED, CACHE_NAME=" + TEST_DROP_TABLE_CACHE + "\";", CACHE_CREATE_SYS_PERM_USER);
        String str = "DROP TABLE test_cache_perm_table_drop;";
        assertAuthorizationFailed(str, EMPTY_PERMS_USER);
        execute(str, CACHE_DESTROY_CACHE_PERMS_USER);
    }

    private int insertKey() throws Exception {
        int andIncrement = KEY_CNTR.getAndIncrement();
        execute("INSERT INTO " + TEST_DML_TABLE + "(_key, _val) VALUES (" + andIncrement + ", 0);", CACHE_PUT_USER);
        return andIncrement;
    }

    private void assertAuthorizationFailed(String str, String str2) {
        GridTestUtils.assertThrowsAnyCause(log, () -> {
            execute(str, str2);
            return null;
        }, SQLException.class, "Authorization failed");
    }

    private void execute(String str, String str2) throws Exception {
        Connection connection = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1:10800", str2, "");
        Throwable th = null;
        try {
            try {
                connection.prepareStatement(str).execute();
                if (connection != null) {
                    if (0 == 0) {
                        connection.close();
                        return;
                    }
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (connection != null) {
                if (th != null) {
                    try {
                        connection.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    connection.close();
                }
            }
            throw th4;
        }
    }

    private IgniteEx startSecurityGrid(int i, TestSecurityData... testSecurityDataArr) throws Exception {
        String testIgniteInstanceName = getTestIgniteInstanceName(i);
        return startGrid(getConfiguration(testIgniteInstanceName, new TestSecurityPluginProvider(testIgniteInstanceName, "", serverPermissions(), (Permissions) null, false, testSecurityDataArr)));
    }

    private SecurityPermissionSet systemPermissions(SecurityPermission... securityPermissionArr) {
        return SecurityPermissionSetBuilder.create().defaultAllowAll(false).appendSystemPermissions(securityPermissionArr).build();
    }

    private SecurityPermissionSet serverPermissions() {
        return SecurityPermissionSetBuilder.create().defaultAllowAll(false).appendSystemPermissions(new SecurityPermission[]{SecurityPermission.CACHE_CREATE, SecurityPermission.JOIN_AS_SERVER}).appendTaskPermissions("org.apache.ignite.internal.processors.cache.GridCacheAdapter$SizeTask", new SecurityPermission[]{SecurityPermission.TASK_EXECUTE}).build();
    }

    private SecurityPermissionSet cachePermissions(String str, SecurityPermission... securityPermissionArr) {
        return SecurityPermissionSetBuilder.create().defaultAllowAll(false).appendCachePermissions(str, securityPermissionArr).build();
    }
}
