package com.cloudera.api.filter;

import com.beust.jcommander.internal.Lists;
import com.cloudera.api.internal.Internal;
import com.cloudera.api.model.ApiConfigList;
import com.cloudera.api.model.ApiDashboardList;
import com.cloudera.api.model.ApiHostNameList;
import com.cloudera.api.model.ApiRoleConfigGroup;
import com.cloudera.api.model.ApiRoleConfigGroupList;
import com.cloudera.api.model.ApiRoleNameList;
import com.cloudera.api.model.ApiServiceConfig;
import com.cloudera.api.v1.impl.MgmtServiceResourceImpl;
import com.cloudera.api.v1.impl.RolesResourceImpl;
import com.cloudera.api.v1.impl.ServicesResourceImpl;
import com.cloudera.api.v16.impl.ExternalAccountsResourceV16Impl;
import com.cloudera.api.v2.impl.ClouderaManagerResourceV2Impl;
import com.cloudera.api.v2.impl.ClustersResourceV2Impl;
import com.cloudera.api.v2.impl.HostsResourceV2Impl;
import com.cloudera.api.v2.impl.RolesResourceV2Impl;
import com.cloudera.api.v2.impl.ServicesResourceV2Impl;
import com.cloudera.api.v3.impl.MgmtServiceResourceV3Impl;
import com.cloudera.api.v3.impl.RoleConfigGroupsResourceImpl;
import com.cloudera.api.v6.impl.DashboardsResourceImpl;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.server.cmf.CurrentUserManager;
import com.cloudera.server.cmf.components.Authorizer;
import com.cloudera.server.cmf.components.CurrentUserManagerMock;
import com.cloudera.server.web.cmf.AppContext;
import com.cloudera.server.web.cmf.AppContextTestUtil;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.core.MultivaluedHashMap;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.ArgumentMatcher;
import org.mockito.Mockito;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:com/cloudera/api/filter/ApiAuthFilterTest.class */
public class ApiAuthFilterTest {
    private static AppContextTestUtil appCtxUtil;
    private static CurrentUserManagerMock userManager;
    private static Authorizer authorizer;

    /* loaded from: input_file:com/cloudera/api/filter/ApiAuthFilterTest$ASuperClass.class */
    private static abstract class ASuperClass implements AnInterface {
        private ASuperClass() {
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.AnInterface
        @POST
        public void postMethod() {
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.AnInterface
        @PermitAll
        public abstract void putMethod();

        @GET
        @RolesAllowed({"parent"})
        public void protectedGetMethod() {
        }
    }

    /* loaded from: input_file:com/cloudera/api/filter/ApiAuthFilterTest$AnImplementation.class */
    private static class AnImplementation extends ASuperClass {
        private AnImplementation() {
            super();
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.AnInterface
        public void getMethod() {
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.ASuperClass, com.cloudera.api.filter.ApiAuthFilterTest.AnInterface
        public void postMethod() {
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.ASuperClass, com.cloudera.api.filter.ApiAuthFilterTest.AnInterface
        @PUT
        public void putMethod() {
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.ASuperClass
        @RolesAllowed({"child"})
        public void protectedGetMethod() {
        }

        @GET
        @Internal
        public void internalMethod() {
        }

        @POST
        @Internal
        public void internalPostMethod() {
        }

        @Override // com.cloudera.api.filter.ApiAuthFilterTest.AnInterface
        public void authorizedMethod(Long l) {
        }
    }

    /* loaded from: input_file:com/cloudera/api/filter/ApiAuthFilterTest$AnInterface.class */
    private interface AnInterface {
        @GET
        void getMethod();

        void postMethod();

        void putMethod();

        @PreAuthorize("@authorizer.cmd(authentication, #id)")
        void authorizedMethod(Long l);
    }

    @PermitAll
    /* loaded from: input_file:com/cloudera/api/filter/ApiAuthFilterTest$AnotherImplementation.class */
    private static class AnotherImplementation {
        private AnotherImplementation() {
        }

        @POST
        public void postMethod() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/api/filter/ApiAuthFilterTest$AuthenticationMatcher.class */
    public static class AuthenticationMatcher extends ArgumentMatcher<Authentication> {
        private final Collection<? extends GrantedAuthority> authorities;

        AuthenticationMatcher(UserRole userRole) {
            this.authorities = AuthorityUtils.createAuthorityList((String[]) userRole.auth.toArray(new String[0]));
        }

        public boolean matches(Object obj) {
            return this.authorities.equals(((Authentication) obj).getAuthorities());
        }
    }

    @BeforeClass
    public static void beforeClass() {
        appCtxUtil = new AppContextTestUtil();
        userManager = new CurrentUserManagerMock();
        appCtxUtil.before();
        appCtxUtil.addBean((Class<? extends Class>) CurrentUserManager.class, (Class) userManager);
        authorizer = (Authorizer) appCtxUtil.addMockedBean("authorizer", Authorizer.class);
    }

    @AfterClass
    public static void afterClass() {
        appCtxUtil.after();
    }

    @After
    public void afterTest() {
        userManager.reset();
        Mockito.reset(new Authorizer[]{authorizer});
    }

    private void checkMethod(Class<?> cls, String str, Class<?>... clsArr) {
        checkMethod(cls, str, ImmutableList.of(), clsArr);
    }

    private void checkMethod(Class<?> cls, String str, List<?> list, Class<?>... clsArr) {
        Method method = null;
        try {
            method = cls.getMethod(str, clsArr);
        } catch (Exception e) {
            Throwables.propagate(e);
        }
        new ApiAuthFilter(userManager, AppContext.getApplicationContext()).doAuthCheck(new FilterContext(str, cls, method, list, new MultivaluedHashMap(), false, ImmutableMap.of()));
    }

    private void checkUnauthorized(Class<?> cls, String str, Class<?>... clsArr) {
        checkUnauthorized(cls, str, ImmutableList.of(), clsArr);
    }

    private void checkUnauthorized(Class<?> cls, String str, List<?> list, Class<?>... clsArr) {
        try {
            checkMethod(cls, str, list, clsArr);
            Assert.fail(String.format("%s.%s() should have failed auth check.", cls.getName(), str));
        } catch (SecurityException e) {
        }
    }

    private void checkAuthorization(boolean z, Class<?> cls, String str, List<?> list, Class<?>... clsArr) {
        if (z) {
            checkMethod(cls, str, list, clsArr);
        } else {
            checkUnauthorized(cls, str, list, clsArr);
        }
    }

    private void checkClasses(Set<Class<?>> set, String str, Class<?>... clsArr) {
        Iterator<Class<?>> it = set.iterator();
        while (it.hasNext()) {
            checkMethod(it.next(), str, clsArr);
        }
    }

    private void checkUnauthorizedClasses(Set<Class<?>> set, String str, Class<?>... clsArr) {
        Iterator<Class<?>> it = set.iterator();
        while (it.hasNext()) {
            checkUnauthorized(it.next(), str, clsArr);
        }
    }

    @Test
    public void testSecurityPolicy() {
        userManager.setUserRole(UserRole.ROLE_USER);
        checkMethod(AnImplementation.class, "getMethod", new Class[0]);
        checkUnauthorized(AnImplementation.class, "postMethod", new Class[0]);
        checkMethod(AnImplementation.class, "putMethod", new Class[0]);
        checkUnauthorized(AnImplementation.class, "protectedGetMethod", new Class[0]);
        checkMethod(AnotherImplementation.class, "postMethod", new Class[0]);
        checkUnauthorized(AnImplementation.class, "internalMethod", new Class[0]);
    }

    @Test
    public void testAdminUser() {
        checkMethod(AnImplementation.class, "postMethod", new Class[0]);
        checkMethod(AnImplementation.class, "internalMethod", new Class[0]);
        checkMethod(AnImplementation.class, "internalPostMethod", new Class[0]);
    }

    @Test
    public void testInternalUser() {
        userManager.setUserRole(UserRole.ROLE_USER);
        userManager.setUsername("__cloudera_internal_user__-foo");
        checkUnauthorized(AnImplementation.class, "postMethod", new Class[0]);
        checkMethod(AnImplementation.class, "internalMethod", new Class[0]);
        checkMethod(AnImplementation.class, "internalPostMethod", new Class[0]);
    }

    @Test
    public void testLimitedOperator() {
        ApiHostNameList apiHostNameList = new ApiHostNameList(Lists.newArrayList(new String[]{"h1"}));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).hasAuthorityOnHosts((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_USER)), (String) Mockito.eq("AUTH_DECOMMISSION_HOST"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).hasAuthorityOnHosts((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_LIMITED)), (String) Mockito.eq("AUTH_DECOMMISSION_HOST"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).hasAuthorityOnHosts((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), (String) Mockito.eq("AUTH_DECOMMISSION_HOST"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).hasAuthorityOnHosts((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_ADMIN)), (String) Mockito.eq("AUTH_DECOMMISSION_HOST"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        userManager.setUserRole(UserRole.ROLE_USER);
        checkUnauthorized(ClouderaManagerResourceV2Impl.class, "hostsDecommissionCommand", Lists.newArrayList(new ApiHostNameList[]{apiHostNameList}), ApiHostNameList.class);
        userManager.setUserRole(UserRole.ROLE_LIMITED);
        checkMethod(ClouderaManagerResourceV2Impl.class, "hostsDecommissionCommand", Lists.newArrayList(new ApiHostNameList[]{apiHostNameList}), ApiHostNameList.class);
        userManager.setUserRole(UserRole.ROLE_OPERATOR);
        checkMethod(ClouderaManagerResourceV2Impl.class, "hostsDecommissionCommand", Lists.newArrayList(new ApiHostNameList[]{apiHostNameList}), ApiHostNameList.class);
        userManager.setUserRole(UserRole.ROLE_ADMIN);
        checkMethod(ClouderaManagerResourceV2Impl.class, "hostsDecommissionCommand", Lists.newArrayList(new ApiHostNameList[]{apiHostNameList}), ApiHostNameList.class);
    }

    @Test
    public void testOperator() {
        ApiHostNameList apiHostNameList = new ApiHostNameList(ImmutableList.of("hostname"));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).hostCmd((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_USER)), (String) Mockito.eq("HostsBringUp"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).hostCmd((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_LIMITED)), (String) Mockito.eq("HostsBringUp"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).hostCmd((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), (String) Mockito.eq("HostsBringUp"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).hostCmd((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_ADMIN)), (String) Mockito.eq("HostsBringUp"), (ApiHostNameList) Mockito.eq(apiHostNameList));
        userManager.setUserRole(UserRole.ROLE_USER);
        checkUnauthorized(ClouderaManagerResourceV2Impl.class, "hostsStartRolesCommand", ImmutableList.of(apiHostNameList), ApiHostNameList.class);
        userManager.setUserRole(UserRole.ROLE_LIMITED);
        checkUnauthorized(ClouderaManagerResourceV2Impl.class, "hostsStartRolesCommand", ImmutableList.of(apiHostNameList), ApiHostNameList.class);
        userManager.setUserRole(UserRole.ROLE_OPERATOR);
        checkMethod(ClouderaManagerResourceV2Impl.class, "hostsStartRolesCommand", ImmutableList.of(apiHostNameList), ApiHostNameList.class);
        userManager.setUserRole(UserRole.ROLE_ADMIN);
        checkMethod(ClouderaManagerResourceV2Impl.class, "hostsStartRolesCommand", ImmutableList.of(apiHostNameList), ApiHostNameList.class);
    }

    @Test
    public void testConfigurator() {
        ImmutableSet of = ImmutableSet.of(ClustersResourceV2Impl.class, ServicesResourceV2Impl.class, RolesResourceV2Impl.class, HostsResourceV2Impl.class);
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).serviceTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).serviceTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), (ApiRoleNameList) Mockito.any(ApiRoleNameList.class));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), (ApiRoleNameList) Mockito.any(ApiRoleNameList.class));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), Long.valueOf(Mockito.anyLong()), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), Long.valueOf(Mockito.anyLong()), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), Mockito.anyString(), (ApiRoleConfigGroupList) Mockito.any(ApiRoleConfigGroupList.class));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), Mockito.anyString(), (ApiRoleConfigGroupList) Mockito.any(ApiRoleConfigGroupList.class));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).configGroup((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_OPERATOR)), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).configGroup((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), Mockito.anyString());
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).serviceTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), (String) Mockito.eq(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).roleTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), (String) Mockito.eq("mgmtrole"));
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).configGroup((Authentication) Mockito.argThat(new AuthenticationMatcher(UserRole.ROLE_CONFIGURATOR)), (String) Mockito.eq("mgmtgroup"));
        userManager.setUserRole(UserRole.ROLE_OPERATOR);
        checkUnauthorizedClasses(of, "enterMaintenanceMode", String.class);
        checkUnauthorizedClasses(of, "exitMaintenanceMode", String.class);
        checkUnauthorized(DashboardsResourceImpl.class, "createDashboards", ApiDashboardList.class);
        checkUnauthorized(DashboardsResourceImpl.class, "deleteDashboard", String.class);
        checkUnauthorized(RolesResourceImpl.class, "updateRoleConfig", ImmutableList.of("role", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        checkUnauthorized(ServicesResourceImpl.class, "updateServiceConfig", ImmutableList.of("service", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiServiceConfig()), String.class, String.class, ApiServiceConfig.class);
        checkUnauthorized(RoleConfigGroupsResourceImpl.class, "createRoleConfigGroups", ImmutableList.of(new ApiRoleConfigGroupList()), ApiRoleConfigGroupList.class);
        checkUnauthorized(RoleConfigGroupsResourceImpl.class, "updateRoleConfigGroup", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiRoleConfigGroup(), MetricsSourceConfigEvaluatorTest.PLACE_HOLDER), String.class, ApiRoleConfigGroup.class, String.class);
        checkUnauthorized(RoleConfigGroupsResourceImpl.class, "deleteRoleConfigGroup", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER), String.class);
        checkUnauthorized(RoleConfigGroupsResourceImpl.class, "moveRoles", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiRoleNameList()), String.class, ApiRoleNameList.class);
        checkUnauthorized(RoleConfigGroupsResourceImpl.class, "moveRolesToBaseGroup", ImmutableList.of(new ApiRoleNameList()), ApiRoleNameList.class);
        checkUnauthorized(RoleConfigGroupsResourceImpl.class, "updateConfig", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        checkUnauthorized(MgmtServiceResourceImpl.RolesResourceWrapper.class, "updateRoleConfig", ImmutableList.of("role", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        checkUnauthorized(MgmtServiceResourceImpl.class, "updateServiceConfig", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiServiceConfig()), String.class, ApiServiceConfig.class);
        checkUnauthorized(MgmtServiceResourceV3Impl.RoleConfigGroupsResourceWrapper.class, "updateRoleConfigGroup", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiRoleConfigGroup(), MetricsSourceConfigEvaluatorTest.PLACE_HOLDER), String.class, ApiRoleConfigGroup.class, String.class);
        checkUnauthorized(MgmtServiceResourceV3Impl.RoleConfigGroupsResourceWrapper.class, "updateConfig", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        userManager.setUserRole(UserRole.ROLE_CONFIGURATOR);
        checkClasses(of, "enterMaintenanceMode", String.class);
        checkClasses(of, "exitMaintenanceMode", String.class);
        checkUnauthorized(DashboardsResourceImpl.class, "createDashboards", ApiDashboardList.class);
        checkUnauthorized(DashboardsResourceImpl.class, "deleteDashboard", String.class);
        checkMethod(RolesResourceImpl.class, "updateRoleConfig", ImmutableList.of("role", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        checkMethod(ServicesResourceImpl.class, "updateServiceConfig", ImmutableList.of("service", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiServiceConfig()), String.class, String.class, ApiServiceConfig.class);
        checkMethod(RoleConfigGroupsResourceImpl.class, "createRoleConfigGroups", ImmutableList.of(new ApiRoleConfigGroupList()), ApiRoleConfigGroupList.class);
        checkMethod(RoleConfigGroupsResourceImpl.class, "updateRoleConfigGroup", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiRoleConfigGroup(), MetricsSourceConfigEvaluatorTest.PLACE_HOLDER), String.class, ApiRoleConfigGroup.class, String.class);
        checkMethod(RoleConfigGroupsResourceImpl.class, "deleteRoleConfigGroup", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER), String.class);
        checkMethod(RoleConfigGroupsResourceImpl.class, "moveRoles", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiRoleNameList()), String.class, ApiRoleNameList.class);
        checkMethod(RoleConfigGroupsResourceImpl.class, "moveRolesToBaseGroup", ImmutableList.of(new ApiRoleNameList()), ApiRoleNameList.class);
        checkMethod(RoleConfigGroupsResourceImpl.class, "updateConfig", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        checkUnauthorized(MgmtServiceResourceImpl.RolesResourceWrapper.class, "updateRoleConfig", ImmutableList.of("mgmtrole", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
        checkUnauthorized(MgmtServiceResourceImpl.class, "updateServiceConfig", ImmutableList.of(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiServiceConfig()), String.class, ApiServiceConfig.class);
        checkUnauthorized(MgmtServiceResourceV3Impl.RoleConfigGroupsResourceWrapper.class, "updateRoleConfigGroup", ImmutableList.of("mgmtgroup", new ApiRoleConfigGroup(), MetricsSourceConfigEvaluatorTest.PLACE_HOLDER), String.class, ApiRoleConfigGroup.class, String.class);
        checkUnauthorized(MgmtServiceResourceV3Impl.RoleConfigGroupsResourceWrapper.class, "updateConfig", ImmutableList.of("mgmtgroup", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, String.class, ApiConfigList.class);
    }

    @Test
    public void testAnonymous() {
        userManager.setAuthenticated(false);
        userManager.setUsername(MetricsSourceConfigEvaluatorTest.PLACE_HOLDER);
        checkUnauthorized(AnImplementation.class, "postMethod", new Class[0]);
        checkMethod(AnotherImplementation.class, "postMethod", new Class[0]);
    }

    @Test
    public void testPreAuthorize() {
        ((Authorizer) Mockito.doReturn(false).when(authorizer)).cmd((Authentication) Mockito.any(Authentication.class), Long.valueOf(Mockito.eq(1L)));
        ((Authorizer) Mockito.doReturn(true).when(authorizer)).cmd((Authentication) Mockito.any(Authentication.class), Long.valueOf(Mockito.eq(2L)));
        checkUnauthorized(AnImplementation.class, "authorizedMethod", ImmutableList.of("1"), Long.class);
        checkMethod(AnImplementation.class, "authorizedMethod", ImmutableList.of("2"), Long.class);
        ((Authorizer) Mockito.verify(authorizer, Mockito.times(2))).cmd((Authentication) Mockito.any(Authentication.class), Long.valueOf(Mockito.anyLong()));
    }

    private void testExternalAccountUserPermissionsHelper(UserRole userRole, boolean z, boolean z2) {
        ((Authorizer) Mockito.doReturn(Boolean.valueOf(z)).when(authorizer)).externalAccountTypeForConfigEdits((Authentication) Mockito.argThat(new AuthenticationMatcher(userRole)), Mockito.anyString());
        userManager.setUserRole(userRole);
        checkAuthorization(z, ExternalAccountsResourceV16Impl.class, "updateConfig", ImmutableList.of("externalAccount", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, new ApiConfigList()), String.class, ApiConfigList.class, String.class);
        checkAuthorization(z2, ExternalAccountsResourceV16Impl.class, "externalAccountCommandByName", ImmutableList.of(), String.class, String.class);
    }

    @Test
    public void testExternalAccountUserPermissions() {
        testExternalAccountUserPermissionsHelper(UserRole.ROLE_ADMIN, true, true);
        testExternalAccountUserPermissionsHelper(UserRole.ROLE_USER_ADMIN, true, false);
        testExternalAccountUserPermissionsHelper(UserRole.ROLE_CLUSTER_ADMIN, false, true);
    }
}
