package org.apache.kylin.rest.service;

import com.google.common.collect.Lists;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.kylin.common.KylinConfig;
import org.apache.kylin.common.scheduler.EventBusFactory;
import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
import org.apache.kylin.helper.UpdateUserAclToolHelper;
import org.apache.kylin.metadata.epoch.EpochManager;
import org.apache.kylin.metadata.user.ManagedUser;
import org.apache.kylin.rest.config.initialize.UserAclListener;
import org.apache.kylin.rest.security.AclPermission;
import org.apache.kylin.rest.security.AdminUserAspect;
import org.apache.kylin.rest.security.UserAclManager;
import org.apache.kylin.rest.service.ServiceTestBase;
import org.apache.kylin.rest.util.SpringContext;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.util.ReflectionTestUtils;

@WebAppConfiguration("src/main/resources")
@ContextConfiguration(classes = {ServiceTestBase.SpringConfig.class})
@RunWith(SpringJUnit4ClassRunner.class)
@ActiveProfiles({"custom", "test"})
/* loaded from: input_file:org/apache/kylin/rest/service/OpenUserServiceTest.class */
public class OpenUserServiceTest extends NLocalFileMetadataTestCase {

    @Autowired
    @Qualifier("userService")
    private OpenUserService userService;

    @Autowired
    @Qualifier("userGroupService")
    private OpenUserGroupService userGroupService;

    @Autowired
    @Qualifier("customAuthProvider")
    private AuthenticationProvider authenticationProvider;

    @Autowired
    @Qualifier("userAclService")
    private UserAclService userAclService;

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    private UserAclListener userAclListener = new UserAclListener();

    @BeforeClass
    public static void setupResource() throws Exception {
        staticCreateTestMetadata(new String[0]);
        Properties properties = new Properties();
        properties.load(Files.newInputStream(new ClassPathResource("ut_custom/custom-config.properties").getFile().toPath(), new OpenOption[0]));
        KylinConfig testConfig = getTestConfig();
        properties.forEach((obj, obj2) -> {
            testConfig.setProperty(obj.toString(), obj2.toString());
        });
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("ADMIN", "123456", new String[]{"ROLE_ADMIN"}));
    }

    @Before
    public void setup() {
        ReflectionTestUtils.setField(this.userAclService, "userService", this.userService);
        EventBusFactory.getInstance().register(this.userAclListener, true);
    }

    @After
    public void tearDown() {
        EventBusFactory.getInstance().unregister(this.userAclListener);
    }

    @AfterClass
    public static void cleanupResource() {
        staticCleanupTestMetadata();
    }

    @Test
    public void testBasic() {
        EpochManager.getInstance().tryUpdateEpoch("_global", true);
        Assert.assertNotNull(this.userService);
        List<ManagedUser> listUsers = this.userService.listUsers();
        ArrayList newArrayList = Lists.newArrayList();
        ArrayList newArrayList2 = Lists.newArrayList();
        for (ManagedUser managedUser : listUsers) {
            newArrayList.add(managedUser.getUsername());
            if (managedUser.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN"))) {
                newArrayList2.add(managedUser);
            }
        }
        Assert.assertEquals(2L, newArrayList.size());
        Assert.assertTrue(newArrayList.contains("admin"));
        Assert.assertTrue(newArrayList.contains("test"));
        getTestConfig().setProperty("kylin.security.profile", "custom");
        AdminUserAspect adminUserAspect = (AdminUserAspect) SpringContext.getBean(AdminUserAspect.class);
        Mockito.when(Boolean.valueOf(((UpdateUserAclToolHelper) Mockito.spy(UpdateUserAclToolHelper.getInstance())).isUpgraded())).thenReturn(true);
        adminUserAspect.doAfterListAdminUsers(Collections.emptyList());
        Assert.assertFalse(((Boolean) ReflectionTestUtils.getField(adminUserAspect, "superAdminInitialized")).booleanValue());
        List listAdminUsers = this.userService.listAdminUsers();
        Assert.assertEquals(listAdminUsers.size(), newArrayList2.size());
        Iterator it = newArrayList2.iterator();
        while (it.hasNext()) {
            if (!listAdminUsers.contains(((ManagedUser) it.next()).getUsername())) {
                throw new RuntimeException("test get admin fail");
            }
        }
        Assert.assertTrue(((Boolean) ReflectionTestUtils.getField(adminUserAspect, "superAdminInitialized")).booleanValue());
        Assert.assertTrue(UserAclManager.getInstance(getTestConfig()).get("admin").hasPermission(Integer.valueOf(AclPermission.DATA_QUERY.getMask())));
        Assert.assertTrue(this.userService.userExists("test"));
        Assert.assertFalse(this.userService.userExists("test2"));
        Assert.assertNotNull(this.userGroupService);
        List allUserGroups = this.userGroupService.getAllUserGroups();
        Assert.assertEquals(2L, allUserGroups.size());
        Assert.assertTrue(allUserGroups.contains("ROLE_ADMIN"));
        Assert.assertTrue(allUserGroups.contains("ROLE_ANALYST"));
        List groupMembersByName = this.userGroupService.getGroupMembersByName("ROLE_ADMIN");
        Assert.assertEquals(1L, groupMembersByName.size());
        Assert.assertEquals("admin", ((ManagedUser) groupMembersByName.get(0)).getUsername());
    }

    @Test
    public void testCreateUser() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userService.createUser((UserDetails) null);
    }

    @Test
    public void testUpdateUser() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userService.updateUser((UserDetails) null);
    }

    @Test
    public void testDeleteUser() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userService.deleteUser("ben");
    }

    @Test
    public void testChangePassword() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userService.changePassword("old", "new");
    }

    @Test
    public void testUserExists() {
        Assert.assertTrue(this.userService.userExists("test"));
    }

    @Test
    public void testUserNotExists() {
        Assert.assertFalse(this.userService.userExists("ben"));
    }

    @Test
    public void testAddGroup() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userGroupService.addGroup("gg");
    }

    @Test
    public void testUpdateGroup() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userGroupService.modifyGroupUsers("gg", Lists.newArrayList());
    }

    @Test
    public void testDeleteGroup() {
        this.thrown.expect(UnsupportedOperationException.class);
        this.userGroupService.deleteGroup("gg");
    }

    @Test
    public void testGetUserAndUserGroup() throws Exception {
        Map userAndUserGroup = this.userGroupService.getUserAndUserGroup();
        Assert.assertTrue(userAndUserGroup.containsKey("ROLE_ADMIN"));
        Assert.assertTrue(userAndUserGroup.containsKey("ROLE_ANALYST"));
        Assert.assertTrue(((List) userAndUserGroup.get("ROLE_ADMIN")).contains("admin"));
        Assert.assertTrue(((List) userAndUserGroup.get("ROLE_ANALYST")).contains("test"));
    }

    @Test
    public void testBeanInit() {
        Assert.assertTrue(this.userService.getClass().getName().startsWith("org.apache.kylin.rest.service.StaticUserService"));
        Assert.assertTrue(this.userGroupService.getClass().getName().startsWith("org.apache.kylin.rest.service.StaticUserGroupService"));
        Assert.assertTrue(this.authenticationProvider.getClass().getName().startsWith("org.apache.kylin.rest.security.StaticAuthenticationProvider"));
    }

    @Test
    public void testDoAfterListAdminUsers() {
        List asList = Arrays.asList("admin", "sunny");
        AdminUserAspect adminUserAspect = (AdminUserAspect) SpringContext.getBean(AdminUserAspect.class);
        adminUserAspect.doAfterListAdminUsers(asList);
        Assert.assertTrue(((List) ReflectionTestUtils.getField(adminUserAspect, "adminUserList")).contains("sunny"));
    }

    @Test
    public void testSuperAdmin() {
        getTestConfig().setProperty("kylin.security.acl.super-admin-username", "");
        Assert.assertFalse(this.userAclService.isSuperAdmin("test"));
        Assert.assertTrue(this.userService.listSuperAdminUsers().isEmpty());
        getTestConfig().setProperty("kylin.security.acl.super-admin-username", "admin");
        StaticUserService staticUserService = new StaticUserService() { // from class: org.apache.kylin.rest.service.OpenUserServiceTest.1
            @Override // org.apache.kylin.rest.service.StaticUserService
            public List<String> listAdminUsers() {
                throw new RuntimeException("test");
            }
        };
        this.thrown.expect(RuntimeException.class);
        staticUserService.listSuperAdminUsers();
    }

    @Test
    public void testSyncAdminUser() {
        EpochManager.getInstance().tryUpdateEpoch("_global", true);
        this.userAclService.syncAdminUserAcl();
        Assert.assertTrue(this.userAclService.hasUserAclPermission("admin", AclPermission.DATA_QUERY));
    }

    @Test
    public void testUserGroupExists() {
        Assert.assertTrue(this.userGroupService.exists("ROLE_ADMIN"));
        Assert.assertFalse(this.userGroupService.exists("not_exist_group"));
    }

    @Test
    public void testListUserGroupsByUsername() {
        Assert.assertTrue(this.userService.userExists("test"));
        Assert.assertFalse(this.userGroupService.listUserGroups("test").isEmpty());
        Assert.assertFalse(this.userService.userExists("not_exist_user"));
        Assert.assertTrue(this.userGroupService.listUserGroups("not_exist_user").isEmpty());
    }
}
