package org.apache.kylin.rest.service;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.kylin.common.persistence.AclEntity;
import org.apache.kylin.common.util.NLocalFileMetadataTestCase;
import org.apache.kylin.rest.security.AclPermission;
import org.apache.kylin.rest.security.MutableAclRecord;
import org.apache.kylin.rest.security.ObjectIdentityImpl;
import org.apache.kylin.rest.util.SpringContext;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mockito;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.context.ApplicationContext;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.PermissionGrantingStrategy;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;

@PrepareForTest({SpringContext.class, UserGroupInformation.class})
@RunWith(PowerMockRunner.class)
/* loaded from: input_file:org/apache/kylin/rest/service/AclServiceTest.class */
public class AclServiceTest extends NLocalFileMetadataTestCase {

    @InjectMocks
    AclService aclService = (AclService) Mockito.spy(AclService.class);

    /* loaded from: input_file:org/apache/kylin/rest/service/AclServiceTest$MockAclEntity.class */
    public static class MockAclEntity implements AclEntity {
        private String id;

        public MockAclEntity(String str) {
            this.id = str;
        }

        public String getId() {
            return this.id;
        }
    }

    @Before
    public void setup() throws IOException {
        PowerMockito.mockStatic(SpringContext.class, new Class[0]);
        PowerMockito.mockStatic(UserGroupInformation.class, new Class[0]);
        PowerMockito.when(UserGroupInformation.getCurrentUser()).thenReturn((UserGroupInformation) Mockito.mock(UserGroupInformation.class));
        overwriteSystemProp("HADOOP_USER_NAME", "root");
        createTestMetadata(new String[0]);
        PowerMockito.when(SpringContext.getApplicationContext()).thenReturn((ApplicationContext) PowerMockito.mock(ApplicationContext.class));
        PowerMockito.when(SpringContext.getBean(PermissionFactory.class)).thenReturn(PowerMockito.mock(PermissionFactory.class));
        PowerMockito.when(SpringContext.getBean(PermissionGrantingStrategy.class)).thenReturn(PowerMockito.mock(PermissionGrantingStrategy.class));
    }

    @After
    public void tearDown() {
        cleanupTestMetadata();
    }

    @Test
    public void testBasics() {
        switchToAdmin();
        ObjectIdentityImpl oid = oid("parent-obj");
        MutableAclRecord createAcl = this.aclService.createAcl(oid);
        switchToAnalyst();
        ObjectIdentityImpl oid2 = oid("child-obj");
        MutableAclRecord createAcl2 = this.aclService.createAcl(oid2);
        this.aclService.readAcl(oid2);
        try {
            this.aclService.createAcl(oid2);
            Assert.fail();
        } catch (AlreadyExistsException e) {
        }
        MutableAclRecord inherit = this.aclService.inherit(createAcl2, createAcl);
        Assert.assertEquals(oid, inherit.getAclRecord().getParentDomainObjectInfo());
        PrincipalSid principalSid = new PrincipalSid("user1");
        MutableAclRecord upsertAce = this.aclService.upsertAce(inherit, principalSid, AclPermission.ADMINISTRATION);
        Assert.assertEquals(oid, upsertAce.getAclRecord().getParentDomainObjectInfo());
        Assert.assertEquals(AclPermission.ADMINISTRATION, upsertAce.getAclRecord().getPermission(principalSid));
        Assert.assertEquals(0L, this.aclService.upsertAce(upsertAce, principalSid, (Permission) null).getAclRecord().getEntries().size());
        this.aclService.deleteAcl(oid, true);
        Assert.assertNull(this.aclService.readAcl(oid2));
    }

    @Test
    public void testBatchUpsertAce() {
        switchToAdmin();
        ObjectIdentityImpl oid = oid("acl");
        MutableAclRecord createAcl = this.aclService.createAcl(oid);
        HashMap hashMap = new HashMap();
        for (int i = 0; i < 10; i++) {
            hashMap.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
        }
        this.aclService.batchUpsertAce(createAcl, hashMap);
        Iterator it = this.aclService.readAclsById(Collections.singletonList(oid)).values().iterator();
        while (it.hasNext()) {
            List entries = ((Acl) it.next()).getEntries();
            Assert.assertEquals(10L, entries.size());
            for (int i2 = 0; i2 < entries.size(); i2++) {
                Assert.assertEquals(new PrincipalSid("u" + i2), ((AccessControlEntry) entries.get(i2)).getSid());
            }
        }
    }

    private void switchToAdmin() {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("ADMIN", "ADMIN", new String[]{"ROLE_ADMIN"}));
    }

    private void switchToAnalyst() {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("ANALYST", "ANALYST", new String[]{"ROLE_ANALYST"}));
    }

    private ObjectIdentityImpl oid(String str) {
        return new ObjectIdentityImpl(new MockAclEntity(str));
    }
}
