package org.apache.iotdb.db.auth.role;

import java.io.File;
import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PriPrivilegeType;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.role.LocalFileRoleManager;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.db.utils.EnvironmentUtils;
import org.apache.iotdb.db.utils.constant.TestConstant;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/iotdb/db/auth/role/LocalFileRoleManagerTest.class */
public class LocalFileRoleManagerTest {
    private File testFolder;
    private LocalFileRoleManager manager;

    @Before
    public void setUp() {
        EnvironmentUtils.envSetUp();
        this.testFolder = new File(TestConstant.BASE_OUTPUT_PATH.concat("test"));
        this.testFolder.mkdirs();
        this.manager = new LocalFileRoleManager(this.testFolder.getPath());
    }

    @After
    public void tearDown() throws Exception {
        FileUtils.deleteDirectory(this.testFolder);
        EnvironmentUtils.cleanEnv();
    }

    @Test
    public void test() throws AuthException, IllegalPathException {
        Role[] roleArr = new Role[4];
        for (int i = 0; i < roleArr.length; i++) {
            roleArr[i] = new Role("role" + i);
            for (int i2 = 0; i2 <= i; i2++) {
                PathPrivilege pathPrivilege = new PathPrivilege(new PartialPath("root.a.b.c" + i2));
                pathPrivilege.getPrivileges().add(Integer.valueOf(i2));
                roleArr[i].getPathPrivilegeList().add(pathPrivilege);
                roleArr[i].getSysPrivilege().add(Integer.valueOf(i2 + 4));
            }
        }
        Assert.assertNull(this.manager.getRole(roleArr[0].getName()));
        for (Role role : roleArr) {
            Assert.assertTrue(this.manager.createRole(role.getName()));
        }
        for (Role role2 : roleArr) {
            Assert.assertEquals(role2.getName(), this.manager.getRole(role2.getName()).getName());
        }
        Assert.assertFalse(this.manager.createRole(roleArr[0].getName()));
        Assert.assertFalse(this.manager.deleteRole("not a role"));
        Assert.assertTrue(this.manager.deleteRole(roleArr[roleArr.length - 1].getName()));
        Assert.assertNull(this.manager.getRole(roleArr[roleArr.length - 1].getName()));
        Assert.assertFalse(this.manager.deleteRole(roleArr[roleArr.length - 1].getName()));
        Role role3 = this.manager.getRole(roleArr[0].getName());
        PartialPath partialPath = new PartialPath("root.a.b.c");
        Assert.assertFalse(role3.hasPrivilegeToRevoke(partialPath, 0));
        this.manager.grantPrivilegeToRole(role3.getName(), partialPath, 0, false);
        this.manager.grantPrivilegeToRole(role3.getName(), partialPath, 0 + 1, false);
        this.manager.grantPrivilegeToRole(role3.getName(), partialPath, 0, false);
        Role role4 = this.manager.getRole(roleArr[0].getName());
        Assert.assertTrue(role4.hasPrivilegeToRevoke(partialPath, 0));
        this.manager.grantPrivilegeToRole(role4.getName(), (PartialPath) null, PrivilegeType.MAINTAIN.ordinal(), true);
        this.manager.grantPrivilegeToRole(role4.getName(), (PartialPath) null, PrivilegeType.MAINTAIN.ordinal(), true);
        boolean z = false;
        try {
            this.manager.grantPrivilegeToRole("not a role", partialPath, 0, false);
        } catch (AuthException e) {
            z = true;
        }
        Assert.assertTrue(z);
        Role role5 = this.manager.getRole(roleArr[0].getName());
        Assert.assertTrue(this.manager.revokePrivilegeFromRole(role5.getName(), partialPath, 0));
        Assert.assertFalse(this.manager.revokePrivilegeFromRole(role5.getName(), partialPath, 0));
        Assert.assertFalse(this.manager.revokePrivilegeFromRole(role5.getName(), (PartialPath) null, PrivilegeType.USE_PIPE.ordinal()));
        Assert.assertTrue(this.manager.revokePrivilegeFromRole(role5.getName(), (PartialPath) null, PrivilegeType.MAINTAIN.ordinal()));
        Assert.assertEquals(this.manager.getRole(role5.getName()).getSysPriGrantOpt().size(), 0L);
        boolean z2 = false;
        try {
            this.manager.revokePrivilegeFromRole("not a role", partialPath, 0);
        } catch (AuthException e2) {
            z2 = true;
        }
        Assert.assertTrue(z2);
        List listAllRoles = this.manager.listAllRoles();
        listAllRoles.sort(null);
        for (int i3 = 0; i3 < roleArr.length - 1; i3++) {
            Assert.assertEquals(roleArr[i3].getName(), listAllRoles.get(i3));
        }
    }

    @Test
    public void testPathCheckForUpgrade() throws AuthException, IllegalPathException {
        this.manager.createRole("test");
        this.manager.setPreVersion(true);
        for (PriPrivilegeType priPrivilegeType : PriPrivilegeType.values()) {
            if (priPrivilegeType != PriPrivilegeType.ALL && priPrivilegeType.isAccept()) {
                if (priPrivilegeType.isPrePathRelevant()) {
                    this.manager.grantPrivilegeToRole("test", new PartialPath("root.d.a"), priPrivilegeType.ordinal(), false);
                    this.manager.grantPrivilegeToRole("test", new PartialPath("root.ds.a.b*"), priPrivilegeType.ordinal(), false);
                    this.manager.grantPrivilegeToRole("test", new PartialPath("root.ds.a.c*"), priPrivilegeType.ordinal(), false);
                } else {
                    this.manager.grantPrivilegeToRole("test", new PartialPath("root.**"), priPrivilegeType.ordinal(), false);
                }
            }
        }
        io.jsonwebtoken.lang.Assert.isTrue(this.manager.getRole("test").getPathPrivilegeList().size() == 4);
        io.jsonwebtoken.lang.Assert.isTrue(!this.manager.getRole("test").getServiceReady());
        this.manager.checkAndRefreshPathPri();
        Assert.assertEquals(3L, this.manager.getRole("test").getPathPrivileges(new PartialPath("root.d.a")).size());
        Assert.assertEquals(3L, this.manager.getRole("test").getPathPrivileges(new PartialPath("root.ds.a.**")).size());
        Assert.assertEquals(0L, this.manager.getRole("test").getPathPrivileges(new PartialPath("root.**")).size());
        Assert.assertEquals(PrivilegeType.getSysPriCount() - 3, this.manager.getRole("test").getSysPrivilege().size());
        this.manager.getRole("test").getPathPrivilegeList().clear();
        this.manager.getRole("test").getSysPrivilege().clear();
    }

    @Test
    public void testPrivRefreshSingle() throws AuthException, IllegalPathException {
        this.manager.createRole("test");
        this.manager.setPreVersion(true);
        for (PriPrivilegeType priPrivilegeType : PriPrivilegeType.values()) {
            if (priPrivilegeType != PriPrivilegeType.ALL) {
                if (priPrivilegeType.isAccept()) {
                    if (priPrivilegeType.isPrePathRelevant()) {
                        this.manager.grantPrivilegeToRole("test", new PartialPath("root.d.a"), priPrivilegeType.ordinal(), false);
                        this.manager.grantPrivilegeToRole("test", new PartialPath("root.ds.a.b*"), priPrivilegeType.ordinal(), false);
                    } else {
                        this.manager.grantPrivilegeToRole("test", new PartialPath("root.**"), priPrivilegeType.ordinal(), false);
                    }
                }
                this.manager.checkAndRefreshPathPri();
                PartialPath convertPatternPath = AuthUtils.convertPatternPath(new PartialPath("root.ds.a.b*"));
                PartialPath partialPath = new PartialPath("root.d.a");
                for (PrivilegeType privilegeType : priPrivilegeType.getSubPri()) {
                    if (privilegeType.isPathRelevant()) {
                        io.jsonwebtoken.lang.Assert.isTrue(this.manager.getRole("test").checkPathPrivilege(convertPatternPath, privilegeType.ordinal()));
                        io.jsonwebtoken.lang.Assert.isTrue(this.manager.getRole("test").checkPathPrivilege(partialPath, privilegeType.ordinal()));
                        this.manager.getRole("test").removePathPrivilege(convertPatternPath, privilegeType.ordinal());
                        this.manager.getRole("test").removePathPrivilege(partialPath, privilegeType.ordinal());
                    } else {
                        io.jsonwebtoken.lang.Assert.isTrue(this.manager.getRole("test").checkSysPrivilege(privilegeType.ordinal()));
                        this.manager.getRole("test").removeSysPrivilege(privilegeType.ordinal());
                    }
                }
                io.jsonwebtoken.lang.Assert.isTrue(this.manager.getRole("test").getPathPrivilegeList().isEmpty());
                io.jsonwebtoken.lang.Assert.isTrue(this.manager.getRole("test").getSysPrivilege().isEmpty());
            }
        }
    }
}
