package com.cloudera.server.cmf.components;

import com.cloudera.api.model.ApiAuthRoleRef;
import com.cloudera.api.model.ApiHostNameList;
import com.cloudera.api.model.ApiRole;
import com.cloudera.api.model.ApiRoleConfigGroup;
import com.cloudera.api.model.ApiRoleConfigGroupList;
import com.cloudera.api.model.ApiRoleList;
import com.cloudera.api.model.ApiRoleNameList;
import com.cloudera.api.model.ApiUser;
import com.cloudera.api.model.ApiUser2;
import com.cloudera.api.model.ApiUser2List;
import com.cloudera.api.model.ApiUserList;
import com.cloudera.cmf.Constants;
import com.cloudera.cmf.command.datacollection.UtilizationReportArchiverTest;
import com.cloudera.cmf.model.DbAuthRole;
import com.cloudera.cmf.model.DbCluster;
import com.cloudera.cmf.model.DbCommand;
import com.cloudera.cmf.model.DbHost;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbRoleConfigGroup;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.model.DbUser;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.ServiceHandler;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.MetricsSourceConfigEvaluatorTest;
import com.cloudera.cmf.service.mgmt.MgmtServiceHandler;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.user.UserRole;
import com.cloudera.cmf.version.CdhReleases;
import com.cloudera.server.cmf.CurrentUserManager;
import com.cloudera.server.cmf.MockTestCluster;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentMatcher;
import org.mockito.Mockito;
import org.python.google.common.collect.Sets;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.TestingAuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

@ContextConfiguration
@RunWith(SpringJUnit4ClassRunner.class)
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)
/* loaded from: input_file:com/cloudera/server/cmf/components/AuthorizerTest.class */
public class AuthorizerTest {

    // Controller whose methods the tests invoke; injected by the Spring test context.
    @Autowired
    private AuthorizationTestController ac;

    // Passed to Mockito.reset() after every test in clear().
    @Autowired
    private ScmParamTrackerStore spts;

    @Autowired
    private ServiceHandlerRegistry shr;

    // The application's "authenticationManager" bean; init() appends the testing provider to it.
    @Autowired
    @Qualifier("authenticationManager")
    private ProviderManager pm;

    @Autowired
    private CurrentUserManager currentUserManager;
    // Ids assigned to the mocked entities built in setupMocks().
    // ROLE_ID -> role "nn1" (NAMENODE), SMON_ID -> role "smon", NAV_ID -> role "nav".
    private static final Long ROLE_ID = 1L;
    private static final Long SMON_ID = Long.valueOf(ROLE_ID.longValue() + 1);
    private static final Long NAV_ID = Long.valueOf(SMON_ID.longValue() + 1);
    // SVC_ID -> service "hdfs1", MGMT_ID -> service "mgmt".
    private static final Long SVC_ID = 1L;
    private static final Long MGMT_ID = Long.valueOf(SVC_ID.longValue() + 1);
    private static final Long CLUSTER_ID = 1L;
    // HOST_ID -> host "h0", MGMT_HOST_ID -> host "h3" (carries the "smon" and "nav" roles).
    private static final Long HOST_ID = 1L;
    private static final Long MGMT_HOST_ID = Long.valueOf(HOST_ID.longValue() + 3);
    // CMD_ID -> the "Inspector" command.
    private static final Long CMD_ID = 1L;
    // PROC_ID -> process "namenode", NAV_PROC_ID -> process "cloudera-mgmt-navigator".
    private static final Long PROC_ID = 1L;
    private static final Long NAV_PROC_ID = Long.valueOf(PROC_ID.longValue() + 1);
    // Spring Security's testing-only provider. init() registers it on the injected
    // ProviderManager; it must never be reachable from a non-test application context.
    private static final AuthenticationProvider ap = new TestingAuthenticationProvider();
    // Shared mock entity manager; stubbed once in setupMocks() and installed per test in init().
    private static final CmfEntityManager em = (CmfEntityManager) Mockito.mock(CmfEntityManager.class);

    /**
     * Builds the in-memory entity graph (hosts, one cluster, the "hdfs1" and "mgmt" services,
     * their roles, processes, a command, two users with auth roles) and stubs the shared mock
     * {@link CmfEntityManager} so that lookups by id or name return those entities.
     *
     * <p>Runs once per class; the stubs live on the static mock {@code em} and are therefore
     * shared by every test method.
     */
    @BeforeClass
    public static void setupMocks() {
        // Hosts. h0 carries HOST_ID and h3 carries MGMT_HOST_ID.
        final DbHost dbHost = new DbHost("h0", "h0", "1.1.1.1", "/default/r1");
        dbHost.setId(HOST_ID);
        DbHost dbHost2 = new DbHost("h1", "h1", "1.1.1.1", "/default/r1");
        dbHost2.setId(Long.valueOf(HOST_ID.longValue() + 1));
        // h2 is constructed and given an id, but the instance is not kept or stubbed anywhere.
        new DbHost("h2", "h2", "1.1.1.1", "/default/r1").setId(Long.valueOf(HOST_ID.longValue() + 2));
        DbHost dbHost3 = new DbHost("h3", "h3", "1.1.1.1", "/default/r2");
        dbHost3.setId(MGMT_HOST_ID);
        // Cluster with the "hdfs1" service; its NAMENODE role "nn1" is placed on h1 (not h0).
        DbCluster dbCluster = new DbCluster(UtilizationReportArchiverTest.CLUSTER_NAME1, CdhReleases.CDH5_0_0);
        dbCluster.setId(CLUSTER_ID);
        DbService dbService = new DbService(dbCluster, "hdfs1", "HDFS");
        dbService.setId(SVC_ID);
        DbRole dbRole = new DbRole("nn1", "NAMENODE");
        dbRole.setId(ROLE_ID);
        dbHost2.addRole(dbRole);
        dbService.addRole(dbRole);
        DbRoleConfigGroup dbRoleConfigGroup = new DbRoleConfigGroup("NAMENODE", "rcg1");
        dbRoleConfigGroup.setService(dbService);
        dbRoleConfigGroup.addRole(dbRole);
        dbService.addRoleConfigGroup(dbRoleConfigGroup);
        // "mgmt" service, created without a cluster; both of its roles ("smon", "nav") sit on h3.
        DbService dbService2 = new DbService("mgmt", MockTestCluster.MGMT_ST);
        dbService2.setId(MGMT_ID);
        DbRole dbRole2 = new DbRole("smon", "SERVICEMONITOR");
        dbRole2.setId(SMON_ID);
        dbHost3.addRole(dbRole2);
        dbService2.addRole(dbRole2);
        DbRole dbRole3 = new DbRole("nav", "NAVIGATOR");
        dbRole3.setId(NAV_ID);
        dbHost3.addRole(dbRole3);
        dbService2.addRole(dbRole3);
        // One command and one process per role that the process tests look up.
        DbCommand createCommand = CommandUtils.createCommand("Inspector");
        createCommand.setId(CMD_ID);
        DbProcess dbProcess = new DbProcess("namenode");
        dbProcess.setId(PROC_ID);
        dbRole.addProcess(dbProcess);
        DbProcess dbProcess2 = new DbProcess("cloudera-mgmt-navigator");
        dbProcess2.setId(NAV_PROC_ID);
        dbRole3.addProcess(dbProcess2);
        // Users: "u1" is attached to ROLE_ADMIN and "u2" to ROLE_CLUSTER_ADMIN.
        // NOTE(review): the second DbUser argument is a shared placeholder constant; presumably
        // the stored password value - confirm against DbUser's constructor.
        DbAuthRole dbAuthRole = new DbAuthRole(UserRole.ROLE_ADMIN);
        DbAuthRole dbAuthRole2 = new DbAuthRole(UserRole.ROLE_CLUSTER_ADMIN);
        DbUser dbUser = new DbUser("u1", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, 0L);
        dbAuthRole.addUser(dbUser);
        DbUser dbUser2 = new DbUser("u2", MetricsSourceConfigEvaluatorTest.PLACE_HOLDER, 0L);
        dbAuthRole2.addUser(dbUser2);
        // Host lookups by name, and role lookups by host id. A lookup for h0 alone yields no
        // roles, h3 alone yields the two mgmt roles, and [h0, h3] yields all three roles.
        Mockito.when(em.findHostsByHostNames(ImmutableList.of(dbHost.getName()))).thenReturn(ImmutableList.of(dbHost));
        Mockito.when(em.findHostsByHostNames(ImmutableList.of(dbHost3.getName()))).thenReturn(ImmutableList.of(dbHost3));
        Mockito.when(em.findRolesOnHostsById((String) null, ImmutableList.of(dbHost.getId()))).thenReturn(ImmutableList.of());
        Mockito.when(em.findRolesOnHostsById((String) null, ImmutableList.of(dbHost3.getId()))).thenReturn(ImmutableList.of(dbRole2, dbRole3));
        Mockito.when(em.findRolesOnHostsById((String) null, ImmutableList.of(dbHost.getId(), dbHost3.getId()))).thenReturn(ImmutableList.of(dbRole, dbRole2, dbRole3));
        // Cluster, service, role and role-config-group lookups for the "hdfs1" side.
        Mockito.when(em.findCluster(dbCluster.getId().longValue())).thenReturn(dbCluster);
        Mockito.when(em.findService(((Long) Mockito.eq(dbService.getId())).longValue())).thenReturn(dbService);
        Mockito.when(em.findServiceByName(dbService.getName())).thenReturn(dbService);
        Mockito.when(em.findRolesByNames(ImmutableList.of(dbRole.getName()))).thenReturn(ImmutableList.of(dbRole));
        Mockito.when(em.findRole(((Long) Mockito.eq(dbRole.getId())).longValue())).thenReturn(dbRole);
        Mockito.when(em.findRoleByName(dbRole.getName())).thenReturn(dbRole);
        Mockito.when(em.findRoleConfigGroupByName(dbRoleConfigGroup.getName())).thenReturn(dbRoleConfigGroup);
        // Service and role lookups for the "mgmt" side.
        Mockito.when(em.findService(((Long) Mockito.eq(dbService2.getId())).longValue())).thenReturn(dbService2);
        Mockito.when(em.findServiceByName((String) Mockito.eq(dbService2.getName()))).thenReturn(dbService2);
        Mockito.when(em.findRolesByNames(ImmutableList.of(dbRole2.getName(), dbRole3.getName()))).thenReturn(ImmutableList.of(dbRole2, dbRole3));
        Mockito.when(em.findRolesByNames(ImmutableList.of(dbRole3.getName()))).thenReturn(ImmutableList.of(dbRole3));
        Mockito.when(em.findRole(dbRole2.getId().longValue())).thenReturn(dbRole2);
        Mockito.when(em.findRole(dbRole3.getId().longValue())).thenReturn(dbRole3);
        // Command, process, user and auth-role lookups.
        Mockito.when(em.findCommand(createCommand.getId())).thenReturn(createCommand);
        Mockito.when(em.findProcess(dbProcess.getId())).thenReturn(dbProcess);
        Mockito.when(em.findProcess(dbProcess2.getId())).thenReturn(dbProcess2);
        Mockito.when(em.findUserByName("u1")).thenReturn(dbUser);
        Mockito.when(em.findUserByName("u2")).thenReturn(dbUser2);
        Mockito.when(em.findAuthRole(UserRole.ROLE_ADMIN)).thenReturn(dbAuthRole);
        Mockito.when(em.findAuthRole(UserRole.ROLE_CLUSTER_ADMIN)).thenReturn(dbAuthRole2);
        Mockito.when(em.findAuthRole(dbAuthRole.getUuid())).thenReturn(dbAuthRole);
        Mockito.when(em.findAuthRole(dbAuthRole2.getUuid())).thenReturn(dbAuthRole2);
        // findHosts([h0's id]) answers with h1, the host that carries "nn1".
        // NOTE(review): the id matched belongs to h0 but the host returned is h1 - confirm this
        // mismatch is intended by the tests and not an artifact.
        Mockito.when(em.findHosts((List) Mockito.argThat(new ArgumentMatcher<List<Long>>() { // from class: com.cloudera.server.cmf.components.AuthorizerTest.1
            public boolean matches(Object obj) {
                return Collections.singletonList(dbHost.getId()).equals(obj);
            }
        }))).thenReturn(Collections.singletonList(dbHost2));
    }

    /**
     * Registers the testing authentication provider on the injected {@link ProviderManager}
     * (once) and installs the shared mock entity manager as the current one.
     *
     * <p>The testing provider is only appropriate inside a test context; the provider list
     * mutated here belongs to the Spring-managed "authenticationManager" bean.
     */
    @Before
    public void init() {
        List registered = this.pm.getProviders();
        boolean alreadyRegistered = registered.contains(ap);
        if (!alreadyRegistered) {
            registered.add(ap);
        }
        CmfEntityManager.setCurrentCmfEntityManager(em);
    }

    /**
     * Per-test cleanup: resets the {@code spts} mock, detaches the current entity manager and
     * clears the security context so that no authentication leaks into the next test.
     */
    @After
    public void clear() {
        Mockito.reset(spts);
        CmfEntityManager none = null;
        CmfEntityManager.setCurrentCmfEntityManager(none);
        SecurityContextHolder.clearContext();
    }

    /**
     * With no authentication placed in the security context, {@code roleCommand} must fail
     * with {@link AuthenticationCredentialsNotFoundException}.
     */
    @Test(expected = AuthenticationCredentialsNotFoundException.class)
    public void testNotAuthenticated() {
        ac.roleCommand("Start", ROLE_ID);
    }

    /**
     * A user prepared without any authority names must be denied {@code roleCommand} on
     * {@code ROLE_ID}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testRoleCommandNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.roleCommand("Start", ROLE_ID);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code roleCommand} on {@code ROLE_ID};
     * the test passes when no exception is thrown.
     */
    @Test
    public void testRoleCommandAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.roleCommand("Start", ROLE_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code serviceCommand} by service
     * id with an explicit role-id list.
     */
    @Test(expected = AccessDeniedException.class)
    public void testServiceCommandNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> roleIds = ImmutableList.of(ROLE_ID);
        ac.serviceCommand("Start", SVC_ID, roleIds);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code serviceCommand} by service id with
     * an explicit role-id list; passes when no exception is thrown.
     */
    @Test
    public void testServiceCommandAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> roleIds = ImmutableList.of(ROLE_ID);
        ac.serviceCommand("Start", SVC_ID, roleIds);
    }

    /**
     * A user prepared without authority names must be denied {@code serviceCommand} addressed
     * by service name ("hdfs1") with no role list.
     */
    @Test(expected = AccessDeniedException.class)
    public void testServiceCommandNoRolesByNameNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.serviceCommand("Start", "hdfs1");
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code serviceCommand} addressed by service
     * name ("hdfs1") with no role list; passes when no exception is thrown.
     */
    @Test
    public void testServiceCommandNoRolesByNameAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.serviceCommand("Start", "hdfs1");
    }

    /**
     * A user prepared without authority names must be denied {@code serviceCommand} on "hdfs1"
     * when the role is addressed by name ("nn1").
     */
    @Test(expected = AccessDeniedException.class)
    public void testServiceCommandByNameNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("nn1"));
        ac.serviceCommand("Start", "hdfs1", roleNames);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code serviceCommand} on "hdfs1" with the
     * role addressed by name ("nn1"); passes when no exception is thrown.
     */
    @Test
    public void testServiceCommandByNameAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("nn1"));
        ac.serviceCommand("Start", "hdfs1", roleNames);
    }

    /**
     * A user prepared without authority names must be denied {@code serviceCommand} on the
     * "mgmt" service for role "smon".
     */
    @Test(expected = AccessDeniedException.class)
    public void testMgmtServiceCommandByNameNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("smon"));
        ac.serviceCommand("Start", "mgmt", roleNames);
    }

    /**
     * "AUTH_POWER_OPS" alone, which suffices for the "hdfs1" service commands in this class,
     * must not be enough to run {@code serviceCommand} on the "mgmt" service for role "smon".
     */
    @Test(expected = AccessDeniedException.class)
    public void testMgmtServiceCommandByNameNotSufficientlyAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("smon"));
        ac.serviceCommand("Start", "mgmt", roleNames);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS", "ROLE_ADMIN" and "AUTH_MGMT_POWER_OPS" may run
     * {@code serviceCommand} on the "mgmt" service for role "smon"; passes when no exception
     * is thrown.
     */
    @Test
    public void testMgmtServiceCommandByNameAuthorized() {
        Authentication caller =
                prepareCurrentUser("user", "password", "AUTH_POWER_OPS", "ROLE_ADMIN", "AUTH_MGMT_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("smon"));
        ac.serviceCommand("Start", "mgmt", roleNames);
    }

    /**
     * "AUTH_POWER_OPS" plus "ROLE_ADMIN" must not be enough to run {@code serviceCommand} on
     * the "mgmt" service when the role list includes "nav".
     *
     * <p>NOTE(review): this user lacks both "AUTH_NAVIGATOR" and "AUTH_MGMT_POWER_OPS", so the
     * test does not show which of the two missing authorities causes the denial.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNavServiceCommandByNameNotSufficientlyAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("smon", "nav"));
        ac.serviceCommand("Start", "mgmt", roleNames);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS", "ROLE_ADMIN", "AUTH_NAVIGATOR" and
     * "AUTH_MGMT_POWER_OPS" may run {@code serviceCommand} on the "mgmt" service for roles
     * "smon" and "nav"; passes when no exception is thrown.
     */
    @Test
    public void testNavServiceCommandByNameAuthorized() {
        Authentication caller = prepareCurrentUser(
                "user", "password", "AUTH_POWER_OPS", "ROLE_ADMIN", "AUTH_NAVIGATOR", "AUTH_MGMT_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("smon", "nav"));
        ac.serviceCommand("Start", "mgmt", roleNames);
    }

    /**
     * A user prepared without authority names must be denied {@code clusterCommand} on
     * {@code CLUSTER_ID}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testClusterCommandNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.clusterCommand("Start", CLUSTER_ID);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code clusterCommand} on
     * {@code CLUSTER_ID}; passes when no exception is thrown.
     */
    @Test
    public void testClusterCommandAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.clusterCommand("Start", CLUSTER_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code hostCommand} addressed by
     * host id ({@code HOST_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testHostCommandNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> hostIds = ImmutableList.of(HOST_ID);
        ac.hostCommand("HostsBringUp", hostIds);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code hostCommand} addressed by host id
     * ({@code HOST_ID}); passes when no exception is thrown.
     */
    @Test
    public void testHostCommandAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> hostIds = ImmutableList.of(HOST_ID);
        ac.hostCommand("HostsBringUp", hostIds);
    }

    /**
     * A user prepared without authority names must be denied {@code hostCommand} addressed by
     * host name ("h0").
     */
    @Test(expected = AccessDeniedException.class)
    public void testHostCommandByHostnameNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiHostNameList hostNames = new ApiHostNameList(ImmutableList.of("h0"));
        ac.hostCommand("HostsBringUp", hostNames);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS" may run {@code hostCommand} addressed by host name
     * ("h0"); passes when no exception is thrown.
     */
    @Test
    public void testHostCommandByHostnameAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiHostNameList hostNames = new ApiHostNameList(ImmutableList.of("h0"));
        ac.hostCommand("HostsBringUp", hostNames);
    }

    /**
     * "AUTH_POWER_OPS" alone must not be enough to run {@code hostCommand} against
     * {@code MGMT_HOST_ID}, the host that carries the "smon" and "nav" roles.
     */
    @Test(expected = AccessDeniedException.class)
    public void testMgmtHostCommandUnauthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> hostIds = ImmutableList.of(MGMT_HOST_ID);
        ac.hostCommand("HostsBringUp", hostIds);
    }

    /**
     * Adding "ROLE_ADMIN" to "AUTH_POWER_OPS" must still not be enough to run
     * {@code hostCommand} against {@code MGMT_HOST_ID}.
     *
     * <p>NOTE(review): this user lacks both "AUTH_NAVIGATOR" and "AUTH_MGMT_POWER_OPS", so the
     * test does not show which of the two missing authorities causes the denial.
     */
    @Test(expected = AccessDeniedException.class)
    public void testMgmtHostCommandStillNotAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_POWER_OPS", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> hostIds = ImmutableList.of(MGMT_HOST_ID);
        ac.hostCommand("HostsBringUp", hostIds);
    }

    /**
     * A user prepared with "AUTH_POWER_OPS", "ROLE_ADMIN", "AUTH_NAVIGATOR" and
     * "AUTH_MGMT_POWER_OPS" may run {@code hostCommand} against {@code MGMT_HOST_ID}; passes
     * when no exception is thrown.
     */
    @Test
    public void testMgmtHostCommandAuthorized() {
        Authentication caller = prepareCurrentUser(
                "user", "password", "AUTH_POWER_OPS", "ROLE_ADMIN", "AUTH_NAVIGATOR", "AUTH_MGMT_POWER_OPS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        List<Long> hostIds = ImmutableList.of(MGMT_HOST_ID);
        ac.hostCommand("HostsBringUp", hostIds);
    }

    /**
     * A user prepared with "AUTH_MAINTENANCE_MODE" may invoke {@code buttonValue} for both
     * "maintenanceModeEnter" and "maintenanceModeExit"; passes when neither call throws.
     */
    @Test
    public void testMaintenanceModeAuthorized() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_MAINTENANCE_MODE");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.buttonValue("maintenanceModeEnter");
        ac.buttonValue("maintenanceModeExit");
    }

    /**
     * A user prepared without authority names must be denied {@code buttonValue} for
     * "maintenanceModeEnter".
     */
    @Test(expected = AccessDeniedException.class)
    public void testEnterMaintenanceModeUnauthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.buttonValue("maintenanceModeEnter");
    }

    /**
     * A user prepared without authority names must be denied {@code buttonValue} for
     * "maintenanceModeExit".
     */
    @Test(expected = AccessDeniedException.class)
    public void testExitMaintenanceModeUnauthorized() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.buttonValue("maintenanceModeExit");
    }

    /**
     * A user prepared without authority names must be denied {@code existingCommand} on
     * {@code CMD_ID} (the mocked "Inspector" command).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedCommand() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.existingCommand(CMD_ID);
    }

    /**
     * A user prepared with "AUTH_INSPECT_HOSTS" may call {@code existingCommand} on
     * {@code CMD_ID} (the mocked "Inspector" command); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedCommand() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_INSPECT_HOSTS");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.existingCommand(CMD_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code editService} by id
     * ({@code SVC_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditService() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editService(SVC_ID);
    }

    /**
     * A user prepared with "AUTH_SERVICE_CONFIG" may call {@code editService} by id
     * ({@code SVC_ID}); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditService() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editService(SVC_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code editService} by name
     * ("hdfs1").
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditServiceByName() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editService("hdfs1");
    }

    /**
     * A user prepared with "AUTH_SERVICE_CONFIG" may call {@code editService} by name
     * ("hdfs1"); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditServiceByName() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editService("hdfs1");
    }

    /**
     * A user prepared without authority names must be denied {@code editRole} by id
     * ({@code ROLE_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditRole() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editRole(ROLE_ID);
    }

    /**
     * A user prepared with "AUTH_SERVICE_CONFIG" may call {@code editRole} by id
     * ({@code ROLE_ID}); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditRole() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editRole(ROLE_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code editRole} by name ("nn1").
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditRoleByName() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editRole("nn1");
    }

    /**
     * A user prepared with "AUTH_SERVICE_CONFIG" may call {@code editRole} by name ("nn1");
     * passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditRoleByName() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editRole("nn1");
    }

    /**
     * "ROLE_ADMIN" alone must not be enough to call {@code editRoleType} for the NAVIGATOR role
     * type on the "mgmt" service ({@code MGMT_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditRoleType() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editRoleType(MGMT_ID, MgmtServiceHandler.RoleNames.NAVIGATOR.name());
    }

    /**
     * A user prepared with "AUTH_NAVIGATOR" may call {@code editRoleType} for the NAVIGATOR
     * role type on the "mgmt" service ({@code MGMT_ID}); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditRoleType() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editRoleType(MGMT_ID, MgmtServiceHandler.RoleNames.NAVIGATOR.name());
    }

    /**
     * "ROLE_ADMIN" alone must not be enough to call {@code editRoleType} when the role is
     * addressed by name ("nav").
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditRoleTypeByRoleName() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("nav"));
        ac.editRoleType(roleNames);
    }

    /**
     * A user prepared with "AUTH_NAVIGATOR" may call {@code editRoleType} when the role is
     * addressed by name ("nav"); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditRoleTypeByRoleName() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleNameList roleNames = new ApiRoleNameList(ImmutableList.of("nav"));
        ac.editRoleType(roleNames);
    }

    /**
     * "ROLE_ADMIN" alone must not be enough to call {@code editRoleType} on "mgmt" with a role
     * config group whose role type is NAVIGATOR.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditRoleTypeByRCG() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleConfigGroup navigatorGroup = new ApiRoleConfigGroup();
        navigatorGroup.setRoleType(MgmtServiceHandler.RoleNames.NAVIGATOR.name());
        ApiRoleConfigGroupList groups = new ApiRoleConfigGroupList(ImmutableList.of(navigatorGroup));
        ac.editRoleType("mgmt", groups);
    }

    /**
     * A user prepared with "AUTH_NAVIGATOR" may call {@code editRoleType} on "mgmt" with a role
     * config group whose role type is NAVIGATOR; passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditRoleTypeByRCG() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRoleConfigGroup navigatorGroup = new ApiRoleConfigGroup();
        navigatorGroup.setRoleType(MgmtServiceHandler.RoleNames.NAVIGATOR.name());
        ApiRoleConfigGroupList groups = new ApiRoleConfigGroupList(ImmutableList.of(navigatorGroup));
        ac.editRoleType("mgmt", groups);
    }

    /**
     * A user prepared without authority names must be denied {@code rcg} for the role config
     * group "rcg1".
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedRoleConfigGroup() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.rcg("rcg1");
    }

    /**
     * A user prepared with "AUTH_SERVICE_CONFIG" may call {@code rcg} for the role config
     * group "rcg1"; passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedRoleConfigGroup() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.rcg("rcg1");
    }

    /**
     * A user prepared without authority names must be denied {@code process} on
     * {@code PROC_ID} (the mocked "namenode" process).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedProcess() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.process(PROC_ID);
    }

    /**
     * A user prepared with "AUTH_SERVICE_CONFIG" may call {@code process} on {@code PROC_ID}
     * (the mocked "namenode" process); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedProcess() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.process(PROC_ID);
    }

    /**
     * "AUTH_SERVICE_CONFIG", which suffices for the "namenode" process, must not be enough to
     * call {@code process} on {@code NAV_PROC_ID} (the mocked "cloudera-mgmt-navigator"
     * process).
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedProcess() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.process(NAV_PROC_ID);
    }

    /**
     * A user prepared with "AUTH_NAVIGATOR" may call {@code process} on {@code NAV_PROC_ID}
     * (the mocked "cloudera-mgmt-navigator" process); passes when no exception is thrown.
     */
    @Test
    public void testSufficientlyAuthorizedProcess() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.process(NAV_PROC_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code deleteService} by id
     * ({@code SVC_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteService() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService(SVC_ID);
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code deleteService} by id ({@code SVC_ID});
     * passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteService() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService(SVC_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code deleteService} by name
     * ("hdfs1").
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteServiceByName() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService("hdfs1");
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code deleteService} by name ("hdfs1");
     * passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteServiceByName() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService("hdfs1");
    }

    /**
     * A user prepared without authority names must be denied {@code deleteService} on the
     * "mgmt" service ({@code MGMT_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteMgmtService() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService(MGMT_ID);
    }

    /**
     * "ROLE_ADMIN" alone, which suffices to delete "hdfs1", must not be enough to call
     * {@code deleteService} on the "mgmt" service ({@code MGMT_ID}), which holds the "nav" role.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedDeleteMgmtService() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService(MGMT_ID);
    }

    /**
     * A user prepared with "ROLE_ADMIN" and "AUTH_NAVIGATOR" may call {@code deleteService} on
     * the "mgmt" service ({@code MGMT_ID}); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteMgmtService() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteService(MGMT_ID);
    }

    /**
     * A user prepared with "AUTH_MGMT_SERVICE_CONFIG" may call {@code editService} on the
     * "mgmt" service ({@code MGMT_ID}); passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedEditMgmtService() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_MGMT_SERVICE_CONFIG");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editService(MGMT_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code editService} on the "mgmt"
     * service ({@code MGMT_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedEditMgmtService() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.editService(MGMT_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code deleteRoles} for the
     * "nav" and "smon" role ids.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteMgmtRoles() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRoles(ImmutableList.of(NAV_ID, SMON_ID));
    }

    /**
     * "ROLE_ADMIN" alone must not be enough to call {@code deleteRoles} when the id list
     * includes the "nav" role ({@code NAV_ID}) alongside "smon".
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedDeleteMgmtRoles() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRoles(ImmutableList.of(NAV_ID, SMON_ID));
    }

    /**
     * A user prepared with "ROLE_ADMIN" and "AUTH_NAVIGATOR" may call {@code deleteRoles} for
     * the "nav" and "smon" role ids; passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteMgmtRoles() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRoles(ImmutableList.of(NAV_ID, SMON_ID));
    }

    /**
     * A user prepared without authority names must be denied {@code deleteRole} by id
     * ({@code ROLE_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteRole() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRole(ROLE_ID);
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code deleteRole} by id ({@code ROLE_ID});
     * passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteRole() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRole(ROLE_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code deleteRole} by name
     * ("nn1").
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteRoleByName() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRole("nn1");
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code deleteRole} by name ("nn1"); passes
     * when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteRoleByName() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRole("nn1");
    }

    /**
     * A user prepared without authority names must be denied {@code deleteRolesByName} for the
     * name list ["nn1"].
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteRolesByName() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRolesByName(ImmutableList.of("nn1"));
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code deleteRolesByName} for the name list
     * ["nn1"]; passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteRolesByName() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteRolesByName(ImmutableList.of("nn1"));
    }

    /**
     * A user prepared without authority names must be denied {@code deleteHosts} for
     * {@code HOST_ID} and {@code MGMT_HOST_ID}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedDeleteMgmtHost() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteHosts(ImmutableList.of(HOST_ID, MGMT_HOST_ID));
    }

    /**
     * "ROLE_ADMIN" alone must not be enough to call {@code deleteHosts} when the id list
     * includes {@code MGMT_HOST_ID}, the host that carries the "nav" role.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedDeleteMgmtHost() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteHosts(ImmutableList.of(HOST_ID, MGMT_HOST_ID));
    }

    /**
     * A user prepared with "ROLE_ADMIN" and "AUTH_NAVIGATOR" may call {@code deleteHosts} for
     * {@code HOST_ID} and {@code MGMT_HOST_ID}; passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedDeleteMgmtHost() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.deleteHosts(ImmutableList.of(HOST_ID, MGMT_HOST_ID));
    }

    /**
     * A user prepared with only "AUTH_KEY_ADMIN" must be denied {@code addAnyService} on
     * {@code CLUSTER_ID} when this test has not registered the mock KMS.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedAddAnyService() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_KEY_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.addAnyService(CLUSTER_ID);
    }

    /**
     * With the mock KMS added for the duration of the call, a user prepared with only
     * "AUTH_KEY_ADMIN" may call {@code addAnyService} on {@code CLUSTER_ID}; passes when no
     * exception is thrown. The mock KMS is removed again even if the call fails.
     */
    @Test
    public void testPartiallyAuthorizedAddAnyService() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_KEY_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        try {
            addMockKms();
            ac.addAnyService(CLUSTER_ID);
        } finally {
            // Always undo the registration so later tests see the original handler set.
            removeMockKms();
        }
    }

    /**
     * A user prepared with only "AUTH_KEY_ADMIN" must be denied {@code addAnyService(0L)}.
     *
     * <p>NOTE(review): the test name suggests that id 0 stands for the management-service
     * case - confirm against the controller.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedAddAnyServiceMgmtCase() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_KEY_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.addAnyService(0L);
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code addAnyService(0L)}; passes when no
     * exception is thrown.
     *
     * <p>NOTE(review): the test name suggests that id 0 stands for the management-service
     * case - confirm against the controller.
     */
    @Test
    public void testPartiallyAuthorizedAddAnyServiceMgmtCase() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.addAnyService(0L);
    }

    /**
     * A user prepared with only "AUTH_KEY_ADMIN" must be denied {@code renameService} on
     * {@code SVC_ID}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testRenameService() {
        Authentication caller = prepareCurrentUser("user", "password", "AUTH_KEY_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.renameService(SVC_ID);
    }

    /**
     * A user prepared with "ROLE_ADMIN" may call {@code renameService} on {@code SVC_ID};
     * passes when no exception is thrown.
     */
    @Test
    public void testAuthorizedRenameService() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.renameService(SVC_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code addRolesToService} by
     * service id ({@code SVC_ID}).
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedAddRolesToService() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.addRolesToService(SVC_ID);
    }

    /**
     * A user prepared with "ROLE_ADMIN" only may call {@code addRolesToService} by service id
     * ({@code SVC_ID}); passes when no exception is thrown.
     */
    @Test
    public void testPartiallyAuthorizedAddRolesToService() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.addRolesToService(SVC_ID);
    }

    /**
     * A user prepared with "ROLE_ADMIN" and "AUTH_NAVIGATOR" may call
     * {@code addRolesToService} by service id ({@code SVC_ID}); passes when no exception is
     * thrown.
     */
    @Test
    public void testAuthorizedAddRolesToService() {
        Authentication caller = prepareCurrentUser("user", "password", "ROLE_ADMIN", "AUTH_NAVIGATOR");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ac.addRolesToService(SVC_ID);
    }

    /**
     * A user prepared without authority names must be denied {@code addRolesToService} on
     * "mgmt" when the requested role types are NAVIGATORMETASERVER and EVENTSERVER.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedAddRolesToServiceByName() {
        Authentication caller = prepareCurrentUser("user", "password");
        SecurityContextHolder.getContext().setAuthentication(caller);
        ApiRole metaServer = new ApiRole();
        metaServer.setType(MgmtServiceHandler.RoleNames.NAVIGATORMETASERVER.name());
        ApiRole eventServer = new ApiRole();
        eventServer.setType(MgmtServiceHandler.RoleNames.EVENTSERVER.name());
        ApiRoleList requested = new ApiRoleList(ImmutableList.of(metaServer, eventServer));
        ac.addRolesToService("mgmt", requested);
    }

    /**
     * Deny path for {@code addRolesToService("mgmt", ...)}: {@code ROLE_ADMIN} alone is not
     * enough when the request contains a NAVIGATORMETASERVER role next to an EVENTSERVER role;
     * {@link AccessDeniedException} is expected.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedAddRolesToServiceByName() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "ROLE_ADMIN"));

        ApiRole navigatorMetaServer = new ApiRole();
        navigatorMetaServer.setType(MgmtServiceHandler.RoleNames.NAVIGATORMETASERVER.name());

        ApiRole eventServer = new ApiRole();
        eventServer.setType(MgmtServiceHandler.RoleNames.EVENTSERVER.name());

        ac.addRolesToService(
                "mgmt", new ApiRoleList(ImmutableList.of(navigatorMetaServer, eventServer)));
    }

    /**
     * Allow path for {@code addRolesToService("mgmt", ...)}: with {@code ROLE_ADMIN} plus
     * {@code AUTH_NAVIGATOR} the same NAVIGATORMETASERVER + EVENTSERVER request must be
     * accepted, i.e. the call returns without throwing.
     */
    @Test
    public void testAuthorizedAddRolesToServiceByName() {
        SecurityContextHolder.getContext()
                .setAuthentication(
                        prepareCurrentUser("user", "password", "ROLE_ADMIN", "AUTH_NAVIGATOR"));

        ApiRole navigatorMetaServer = new ApiRole();
        navigatorMetaServer.setType(MgmtServiceHandler.RoleNames.NAVIGATORMETASERVER.name());

        ApiRole eventServer = new ApiRole();
        eventServer.setType(MgmtServiceHandler.RoleNames.EVENTSERVER.name());

        ac.addRolesToService(
                "mgmt", new ApiRoleList(ImmutableList.of(navigatorMetaServer, eventServer)));
    }

    /**
     * Deny path for {@code users}: a caller with no authorities targets users "u1" and "u2"
     * and must get {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedUsers() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));
        ac.users(ImmutableList.of("u1", "u2"));
    }

    /**
     * Deny path for {@code users}: {@code AUTH_USERS_CONFIG} on its own must not be enough to
     * act on both "u1" and "u2"; {@link AccessDeniedException} is expected.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedUsers() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "AUTH_USERS_CONFIG"));
        ac.users(ImmutableList.of("u1", "u2"));
    }

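    /**
     * Allow path for {@code users}: with {@code AUTH_USERS_CONFIG} and
     * {@code AUTH_FULL_ADMIN_CONFIG} the caller may act on "u1" and "u2", so the call must
     * return without throwing.
     *
     * <p>Carries {@code @Test} like the sibling cases: the JUnit 4 runner skips a method
     * without the annotation, which would leave the allow path for {@code users} unverified.
     */
    @Test
    public void testAuthorizedUsers() {
        SecurityContextHolder.getContext()
                .setAuthentication(
                        prepareCurrentUser(
                                "user", "password", "AUTH_USERS_CONFIG", "AUTH_FULL_ADMIN_CONFIG"));
        this.ac.users(ImmutableList.of("u1", "u2"));
    }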

    /**
     * Deny path for {@code userRoles(List<String>)}: a caller with no authorities names
     * ROLE_CLUSTER_ADMIN and ROLE_ADMIN and must get {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedUserRoles() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));
        // Typed as List<String> so the role-name overload of userRoles is the one invoked.
        List<String> roleNames =
                ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name(), UserRole.ROLE_ADMIN.name());
        ac.userRoles(roleNames);
    }

    /**
     * Deny path for {@code userRoles(List<String>)}: {@code AUTH_USERS_CONFIG} alone must not
     * allow a request that names both ROLE_CLUSTER_ADMIN and ROLE_ADMIN;
     * {@link AccessDeniedException} is expected.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedUserRoles() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "AUTH_USERS_CONFIG"));
        // Typed as List<String> so the role-name overload of userRoles is the one invoked.
        List<String> roleNames =
                ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name(), UserRole.ROLE_ADMIN.name());
        ac.userRoles(roleNames);
    }

    /**
     * Allow path for {@code userRoles(ApiUser2List)}: with {@code AUTH_FULL_ADMIN_CONFIG} and
     * {@code AUTH_USERS_CONFIG} the caller may submit one user referencing ROLE_ADMIN and one
     * referencing ROLE_CLUSTER_ADMIN. No exception is expected.
     *
     * <p>NOTE(review): despite the name, this case goes through the {@code ApiUser2List}
     * overload, while {@code testAuthorizedUserRolesFromApiList} passes role names.
     */
    @Test
    public void testAuthorizedUserRoles() {
        SecurityContextHolder.getContext()
                .setAuthentication(
                        prepareCurrentUser(
                                "user", "password", "AUTH_FULL_ADMIN_CONFIG", "AUTH_USERS_CONFIG"));

        // First user: references the ROLE_ADMIN auth role by UUID.
        ApiAuthRoleRef adminRef = new ApiAuthRoleRef();
        adminRef.setUuid(em.findAuthRole(UserRole.ROLE_ADMIN).getUuid());
        ApiUser2 adminUser = new ApiUser2();
        adminUser.setAuthRoles(Sets.newHashSet(new ApiAuthRoleRef[] {adminRef}));

        // Second user: references the ROLE_CLUSTER_ADMIN auth role by UUID.
        ApiAuthRoleRef clusterAdminRef = new ApiAuthRoleRef();
        clusterAdminRef.setUuid(em.findAuthRole(UserRole.ROLE_CLUSTER_ADMIN).getUuid());
        ApiUser2 clusterAdminUser = new ApiUser2();
        clusterAdminUser.setAuthRoles(Sets.newHashSet(new ApiAuthRoleRef[] {clusterAdminRef}));

        ac.userRoles(new ApiUser2List(ImmutableList.of(adminUser, clusterAdminUser)));
    }

    /**
     * Deny path for {@code userRoles(ApiUser2List)}: a caller with no authorities submits users
     * referencing ROLE_CLUSTER_ADMIN and ROLE_ADMIN and must get
     * {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedUserRolesFromApiList() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));

        // First user: references the ROLE_CLUSTER_ADMIN auth role by UUID.
        ApiAuthRoleRef clusterAdminRef = new ApiAuthRoleRef();
        clusterAdminRef.setUuid(em.findAuthRole(UserRole.ROLE_CLUSTER_ADMIN).getUuid());
        ApiUser2 clusterAdminUser = new ApiUser2();
        clusterAdminUser.setAuthRoles(Sets.newHashSet(new ApiAuthRoleRef[] {clusterAdminRef}));

        // Second user: references the ROLE_ADMIN auth role by UUID.
        ApiAuthRoleRef adminRef = new ApiAuthRoleRef();
        adminRef.setUuid(em.findAuthRole(UserRole.ROLE_ADMIN).getUuid());
        ApiUser2 adminUser = new ApiUser2();
        adminUser.setAuthRoles(Sets.newHashSet(new ApiAuthRoleRef[] {adminRef}));

        ac.userRoles(new ApiUser2List(ImmutableList.of(clusterAdminUser, adminUser)));
    }

    /**
     * Two deny cases for {@code userRoles} in one test.
     *
     * <ol>
     *   <li>A caller with only {@code AUTH_USERS_CONFIG} submits an {@code ApiUser2List} whose
     *       users reference ROLE_CLUSTER_ADMIN and ROLE_ADMIN.
     *   <li>A caller "read-only-user" with only {@code ROLE_USER} submits an {@code ApiUserList}
     *       holding one empty {@code ApiUser}.
     * </ol>
     *
     * Each call must throw {@link AccessDeniedException}; reaching {@code Assert.fail()} means
     * the check let the request through.
     */
    @Test
    public void testNotSufficientlyAuthorizedUserRolesFromApiList() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "AUTH_USERS_CONFIG"));

        ApiAuthRoleRef clusterAdminRef = new ApiAuthRoleRef();
        clusterAdminRef.setUuid(em.findAuthRole(UserRole.ROLE_CLUSTER_ADMIN).getUuid());
        ApiUser2 clusterAdminUser = new ApiUser2();
        clusterAdminUser.setAuthRoles(Sets.newHashSet(new ApiAuthRoleRef[] {clusterAdminRef}));

        ApiAuthRoleRef adminRef = new ApiAuthRoleRef();
        adminRef.setUuid(em.findAuthRole(UserRole.ROLE_ADMIN).getUuid());
        ApiUser2 adminUser = new ApiUser2();
        adminUser.setAuthRoles(Sets.newHashSet(new ApiAuthRoleRef[] {adminRef}));

        try {
            ac.userRoles(new ApiUser2List(ImmutableList.of(clusterAdminUser, adminUser)));
            Assert.fail();
        } catch (AccessDeniedException expectedDenial) {
            // Denial is the outcome under test; nothing further to verify.
        }

        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("read-only-user", "password", "ROLE_USER"));
        try {
            ac.userRoles(new ApiUserList(ImmutableList.of(new ApiUser())));
            Assert.fail();
        } catch (AccessDeniedException expectedDenial) {
            // Denial is the outcome under test; nothing further to verify.
        }
    }

    /**
     * Allow path for {@code userRoles(List<String>)}: with {@code AUTH_FULL_ADMIN_CONFIG} and
     * {@code AUTH_USERS_CONFIG} the caller may name ROLE_CLUSTER_ADMIN and ROLE_ADMIN.
     * No exception is expected.
     *
     * <p>NOTE(review): despite the "FromApiList" suffix, this case passes role names; the
     * {@code ApiUser2List} allow path is exercised by {@code testAuthorizedUserRoles}.
     */
    @Test
    public void testAuthorizedUserRolesFromApiList() {
        SecurityContextHolder.getContext()
                .setAuthentication(
                        prepareCurrentUser(
                                "user", "password", "AUTH_FULL_ADMIN_CONFIG", "AUTH_USERS_CONFIG"));
        // Typed as List<String> so the role-name overload of userRoles is the one invoked.
        List<String> roleNames =
                ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name(), UserRole.ROLE_ADMIN.name());
        ac.userRoles(roleNames);
    }

    /**
     * Deny path for {@code usersAndRoles}: a caller with no authorities targets user "u2" with
     * ROLE_CLUSTER_ADMIN and must get {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedUsersAndRoles() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));
        ac.usersAndRoles(
                ImmutableList.of("u2"), ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name()));
    }

    /**
     * Allow path for {@code usersAndRoles}: {@code AUTH_USERS_CONFIG} is enough for the
     * combination of user "u2" and ROLE_CLUSTER_ADMIN. No exception is expected.
     */
    @Test
    public void testMinimallyAuthorizedUsersAndRoles() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "AUTH_USERS_CONFIG"));
        ac.usersAndRoles(
                ImmutableList.of("u2"), ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name()));
    }

    /**
     * Deny path for {@code usersAndRoles}: with {@code AUTH_USERS_CONFIG} only, the role
     * ROLE_CLUSTER_ADMIN is acceptable but the target user "u1" is not, so the whole request
     * must be rejected with {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedUserAndAuthorizedRole() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "AUTH_USERS_CONFIG"));
        ac.usersAndRoles(
                ImmutableList.of("u1"), ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name()));
    }

    /**
     * Deny path for {@code usersAndRoles}: with {@code AUTH_USERS_CONFIG} only, the target user
     * "u2" is acceptable but the role ROLE_ADMIN is not, so the whole request must be rejected
     * with {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testNotSufficientlyAuthorizedRoleAndAuthorizedUser() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "AUTH_USERS_CONFIG"));
        ac.usersAndRoles(ImmutableList.of("u2"), ImmutableList.of(UserRole.ROLE_ADMIN.name()));
    }

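    /**
     * Allow path for {@code usersAndRoles}: with {@code AUTH_USERS_CONFIG} and
     * {@code AUTH_FULL_ADMIN_CONFIG} the caller may combine users "u1"/"u2" with
     * ROLE_CLUSTER_ADMIN/ROLE_ADMIN, so the call must return without throwing.
     *
     * <p>Carries {@code @Test} like the sibling cases: the JUnit 4 runner skips a method
     * without the annotation, which would leave the full-admin allow path unverified.
     */
    @Test
    public void testAuthorizedUsersAndRoles() {
        SecurityContextHolder.getContext()
                .setAuthentication(
                        prepareCurrentUser(
                                "user", "password", "AUTH_USERS_CONFIG", "AUTH_FULL_ADMIN_CONFIG"));
        this.ac.usersAndRoles(
                ImmutableList.of("u1", "u2"),
                ImmutableList.of(UserRole.ROLE_CLUSTER_ADMIN.name(), UserRole.ROLE_ADMIN.name()));
    }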

    /**
     * Deny path for {@code serverSettings}: a caller with no authorities must get
     * {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testUnauthorizedServerSettings() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));
        ac.serverSettings();
    }

    /**
     * Allow path for {@code serverSettings} with {@code ROLE_ADMIN} only. No exception is
     * expected.
     */
    @Test
    public void testPartiallyAuthorizedServerSettings() {
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "ROLE_ADMIN"));
        ac.serverSettings();
    }

    /**
     * Allow path for {@code serverSettings} with {@code ROLE_ADMIN} and
     * {@code AUTH_USERS_CONFIG}. No exception is expected.
     */
    @Test
    public void testAuthorizedServerSettings() {
        SecurityContextHolder.getContext()
                .setAuthentication(
                        prepareCurrentUser("user", "password", "ROLE_ADMIN", "AUTH_USERS_CONFIG"));
        ac.serverSettings();
    }

    /**
     * {@code clientConfig} with {@code ScmParams.CLIENT_CONFIG_AUTH} stubbed to {@code false}:
     * even a caller with no authorities is let through, so no exception is expected.
     */
    @Test
    public void testUnprotectedUnauthorizedClientConfig() {
        // Setting stubbed off for this case.
        Mockito.when(spts.get(ScmParams.CLIENT_CONFIG_AUTH)).thenReturn(false);
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));
        ac.clientConfig();
    }

    /**
     * {@code clientConfig} with {@code ScmParams.CLIENT_CONFIG_AUTH} stubbed to {@code true}:
     * a caller with no authorities must be rejected with {@link AccessDeniedException}.
     */
    @Test(expected = AccessDeniedException.class)
    public void testProtectedUnauthorizedClientConfig() {
        // Setting stubbed on for this case.
        Mockito.when(spts.get(ScmParams.CLIENT_CONFIG_AUTH)).thenReturn(true);
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password"));
        ac.clientConfig();
    }

    /**
     * {@code clientConfig} with {@code ScmParams.CLIENT_CONFIG_AUTH} stubbed to {@code false}
     * and a caller holding {@code ROLE_USER}. No exception is expected.
     */
    @Test
    public void testUnprotectedAuthorizedClientConfig() {
        // Setting stubbed off for this case.
        Mockito.when(spts.get(ScmParams.CLIENT_CONFIG_AUTH)).thenReturn(false);
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "ROLE_USER"));
        ac.clientConfig();
    }

    /**
     * {@code clientConfig} with {@code ScmParams.CLIENT_CONFIG_AUTH} stubbed to {@code true}:
     * {@code ROLE_USER} is sufficient, so no exception is expected.
     */
    @Test
    public void testProtectedAuthorizedClientConfig() {
        // Setting stubbed on for this case.
        Mockito.when(spts.get(ScmParams.CLIENT_CONFIG_AUTH)).thenReturn(true);
        SecurityContextHolder.getContext()
                .setAuthentication(prepareCurrentUser("user", "password", "ROLE_USER"));
        ac.clientConfig();
    }

    /**
     * Registers a Mockito-backed {@link ServiceHandler} of service type {@code "MOCK_KMS"} in
     * the handler registry {@code shr}.
     *
     * <p>The mock reports {@code "AUTH_KEY_ADMIN"} from {@code getAuthorityForAddRemove()} and
     * an empty set of role handlers; presumably the add/remove checks read that authority —
     * confirm against the component under test.
     */
    private void addMockKms() {
        ServiceHandler mockKms = Mockito.mock(ServiceHandler.class);

        // Identity and version range of the fake service.
        Mockito.when(mockKms.getServiceType()).thenReturn("MOCK_KMS");
        Mockito.when(mockKms.getSupportedReleaseRange())
                .thenReturn(Constants.SERVICE_VERSIONS_SINCE_CDH5);
        Mockito.when(mockKms.getVersion()).thenReturn(CdhReleases.LOWEST_SUPPORTED_CDH_RELEASE);
        Mockito.when(mockKms.getRoleHandlers()).thenReturn(ImmutableSet.of());

        // Authority reported for adding or removing this service type.
        Mockito.when(mockKms.getAuthorityForAddRemove()).thenReturn("AUTH_KEY_ADMIN");

        shr.add(mockKms);
    }

    /**
     * Removes the first handler whose service type equals {@code "MOCK_KMS"} from the handler
     * registry {@code shr}; does nothing when no such handler is registered.
     */
    private void removeMockKms() {
        Iterator<?> handlers = shr.getAll().iterator();
        while (handlers.hasNext()) {
            ServiceHandler candidate = (ServiceHandler) handlers.next();
            if (candidate.getServiceType().equals("MOCK_KMS")) {
                // Return right after the removal so the iterator is never touched again.
                shr.remove(candidate);
                return;
            }
        }
    }

    /**
     * Builds the authentication for a caller that holds no authorities and resets the mocked
     * current-user manager to match.
     *
     * @param str principal (user name) of the test caller
     * @param str2 credentials placed in the token
     * @return a {@code TestingAuthenticationToken} carrying no granted authorities
     */
    private Authentication prepareCurrentUser(String str, String str2) {
        resetUserManager(str, Collections.<String>emptyList());
        return new TestingAuthenticationToken(str, str2);
    }

    /**
     * Builds the authentication for a caller that holds exactly the given authorities and
     * resets the mocked current-user manager to report the same set, so the token and the
     * manager agree on what the caller may do.
     *
     * @param str principal (user name) of the test caller
     * @param str2 credentials placed in the token
     * @param strArr authority names granted to the caller
     * @return a {@code TestingAuthenticationToken} carrying those authorities
     */
    private Authentication prepareCurrentUser(String str, String str2, String... strArr) {
        resetUserManager(str, Arrays.asList(strArr));
        return new TestingAuthenticationToken(
                str, str2, AuthorityUtils.createAuthorityList(strArr));
    }

    /**
     * Points the mocked current-user manager at the given caller.
     *
     * <p>The caller is always marked authenticated, including the "unauthorized" cases that pass
     * an empty collection: those tests exercise authorization for a logged-in user without
     * authorities, not an anonymous request.
     *
     * @param str user name the manager should report
     * @param collection authority names the mocked {@link UserRole} returns from
     *     {@code getAuthorities()}
     */
    private void resetUserManager(String str, Collection<String> collection) {
        // Mocked role whose authority set is a copy of the requested names.
        UserRole stubbedRole = Mockito.mock(UserRole.class);
        Mockito.when(stubbedRole.getAuthorities()).thenReturn(ImmutableSet.copyOf(collection));

        CurrentUserManagerMock userManager = (CurrentUserManagerMock) this.currentUserManager;
        userManager.setUsername(str);
        userManager.setAuthenticated(true);
        userManager.setUserRole(stubbedRole);
    }
}
