package org.apache.solr.cloud;

import java.io.FileWriter;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import org.apache.solr.SolrTestCaseJ4;
import org.apache.solr.common.cloud.DigestZkACLProvider;
import org.apache.solr.common.cloud.DigestZkCredentialsProvider;
import org.apache.solr.common.cloud.SolrZkClient;
import org.apache.solr.common.cloud.VMParamsZkCredentialsInjector;
import org.apache.solr.common.cloud.ZkCredentialsInjector;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.Stat;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase.class */
public class AbstractDigestZkACLAndCredentialsProvidersTestBase extends SolrTestCaseJ4 {
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static final Charset DATA_ENCODING = StandardCharsets.UTF_8;
    private static final String ALL_USERNAME = "connectAndAllACLUsername";
    private static final String ALL_PASSWORD = "connectAndAllACLPassword";
    private static final String READONLY_USERNAME = "readonlyACLUsername";
    private static final String READONLY_PASSWORD = "readonlyACLPassword";
    public static final String SECRET_NAME = "zkCredentialsSecret";
    protected ZkTestServer zkServer;
    protected Path zkDir;

    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$AllAndReadonlyCredentialZkCredentialsInjector.class */
    public static class AllAndReadonlyCredentialZkCredentialsInjector implements ZkCredentialsInjector {
        public List<ZkCredentialsInjector.ZkCredential> getZkCredentials() {
            return List.of(new ZkCredentialsInjector.ZkCredential(AbstractDigestZkACLAndCredentialsProvidersTestBase.ALL_USERNAME, AbstractDigestZkACLAndCredentialsProvidersTestBase.ALL_PASSWORD, ZkCredentialsInjector.ZkCredential.Perms.ALL), new ZkCredentialsInjector.ZkCredential(AbstractDigestZkACLAndCredentialsProvidersTestBase.READONLY_USERNAME, AbstractDigestZkACLAndCredentialsProvidersTestBase.READONLY_PASSWORD, ZkCredentialsInjector.ZkCredential.Perms.READ));
        }
    }

    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$AllCredentialZkCredentialsInjector.class */
    public static class AllCredentialZkCredentialsInjector implements ZkCredentialsInjector {
        public List<ZkCredentialsInjector.ZkCredential> getZkCredentials() {
            return List.of(new ZkCredentialsInjector.ZkCredential(AbstractDigestZkACLAndCredentialsProvidersTestBase.ALL_USERNAME, AbstractDigestZkACLAndCredentialsProvidersTestBase.ALL_PASSWORD, ZkCredentialsInjector.ZkCredential.Perms.ALL));
        }
    }

    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$ConnectWithReadonlyCredsInjector.class */
    public static class ConnectWithReadonlyCredsInjector implements ZkCredentialsInjector {
        public List<ZkCredentialsInjector.ZkCredential> getZkCredentials() {
            return List.of(new ZkCredentialsInjector.ZkCredential(AbstractDigestZkACLAndCredentialsProvidersTestBase.READONLY_USERNAME, AbstractDigestZkACLAndCredentialsProvidersTestBase.READONLY_PASSWORD, ZkCredentialsInjector.ZkCredential.Perms.ALL));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$ExceptingRunnable.class */
    public interface ExceptingRunnable {
        void run() throws Exception;
    }

    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$NoCredentialZkCredentialsInjector.class */
    public static class NoCredentialZkCredentialsInjector implements ZkCredentialsInjector {
        public List<ZkCredentialsInjector.ZkCredential> getZkCredentials() {
            return Collections.emptyList();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$TestZkCredentialsInjector.class */
    public class TestZkCredentialsInjector {
        private final Class<?> zkCredentialsInjectorClass;
        private final List<String> systemPropsKeys;
        private final List<String> systemPropsValues;

        public TestZkCredentialsInjector(AbstractDigestZkACLAndCredentialsProvidersTestBase abstractDigestZkACLAndCredentialsProvidersTestBase, Class<?> cls) {
            this(cls, Collections.emptyList(), Collections.emptyList());
        }

        public TestZkCredentialsInjector(Class<?> cls, List<String> list, List<String> list2) {
            this.zkCredentialsInjectorClass = cls;
            this.systemPropsKeys = list;
            this.systemPropsValues = list2;
        }

        private void setSystemProps() {
            AbstractDigestZkACLAndCredentialsProvidersTestBase.this.clearSecuritySystemProperties();
            AbstractDigestZkACLAndCredentialsProvidersTestBase.this.setDigestZkSystemProps();
            System.setProperty("zkCredentialsInjector", this.zkCredentialsInjectorClass.getName());
            int i = 0;
            Iterator<String> it = this.systemPropsKeys.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                System.setProperty(it.next(), this.systemPropsValues.get(i2));
            }
        }
    }

    /* loaded from: input_file:org/apache/solr/cloud/AbstractDigestZkACLAndCredentialsProvidersTestBase$WrongAllCredentialZkCredentialsInjector.class */
    public static class WrongAllCredentialZkCredentialsInjector implements ZkCredentialsInjector {
        public List<ZkCredentialsInjector.ZkCredential> getZkCredentials() {
            return List.of(new ZkCredentialsInjector.ZkCredential(AbstractDigestZkACLAndCredentialsProvidersTestBase.ALL_USERNAME, "connectAndAllACLPasswordWrong", ZkCredentialsInjector.ZkCredential.Perms.ALL));
        }
    }

    @BeforeClass
    public static void beforeClass() {
        System.setProperty("solrcloud.skip.autorecovery", "true");
    }

    @AfterClass
    public static void afterClass() {
        System.clearProperty("solrcloud.skip.autorecovery");
    }

    @Override // org.apache.solr.SolrTestCaseJ4
    public void setUp() throws Exception {
        super.setUp();
        if (log.isInfoEnabled()) {
            log.info("####SETUP_START {}", getTestName());
        }
        createTempDir();
        this.zkDir = createTempDir().resolve("zookeeper/server1/data");
        log.info("ZooKeeper dataDir:{}", this.zkDir);
        setSecuritySystemProperties();
        this.zkServer = new ZkTestServer(this.zkDir);
        this.zkServer.run(false);
        System.setProperty("zkHost", this.zkServer.getZkAddress());
        setDigestZkSystemProps();
        System.setProperty("zkCredentialsInjector", AllAndReadonlyCredentialZkCredentialsInjector.class.getName());
        SolrZkClient build = new SolrZkClient.Builder().withUrl(this.zkServer.getZkHost()).withTimeout(45000, TimeUnit.MILLISECONDS).withConnTimeOut(45000, TimeUnit.MILLISECONDS).build();
        build.makePath("/solr", false, true);
        build.close();
        SolrZkClient build2 = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
        build2.create("/protectedCreateNode", "content".getBytes(DATA_ENCODING), CreateMode.PERSISTENT, false);
        build2.makePath("/protectedMakePathNode", "content".getBytes(DATA_ENCODING), CreateMode.PERSISTENT, false);
        build2.create("/security", "content".getBytes(DATA_ENCODING), CreateMode.PERSISTENT, false);
        build2.close();
        clearSecuritySystemProperties();
        SolrZkClient build3 = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
        build3.getZooKeeper().addAuthInfo("digest", "connectAndAllACLUsername:connectAndAllACLPassword".getBytes(StandardCharsets.UTF_8));
        build3.create("/unprotectedCreateNode", "content".getBytes(DATA_ENCODING), CreateMode.PERSISTENT, false);
        build3.makePath("/unprotectedMakePathNode", "content".getBytes(DATA_ENCODING), CreateMode.PERSISTENT, false);
        build3.close();
        setDigestZkSystemProps();
        if (log.isInfoEnabled()) {
            log.info("####SETUP_END {}", getTestName());
        }
    }

    private void setDigestZkSystemProps() {
        System.setProperty("zkCredentialsProvider", DigestZkCredentialsProvider.class.getName());
        System.setProperty("zkACLProvider", DigestZkACLProvider.class.getName());
    }

    @Override // org.apache.solr.SolrTestCaseJ4
    public void tearDown() throws Exception {
        this.zkServer.shutdown();
        clearSecuritySystemProperties();
        super.tearDown();
    }

    @Test
    public void testNoCredentials() throws Exception {
        testInjectors(List.of(new TestZkCredentialsInjector(this, NoCredentialZkCredentialsInjector.class), new TestZkCredentialsInjector(this, VMParamsZkCredentialsInjector.class)), false, false, false, false, false, false, false, false, false, false);
    }

    @Test
    public void testWrongCredentials() throws Exception {
        testInjectors(List.of(new TestZkCredentialsInjector(this, WrongAllCredentialZkCredentialsInjector.class), new TestZkCredentialsInjector(VMParamsZkCredentialsInjector.class, List.of("zkDigestUsername", "zkDigestPassword"), List.of(ALL_USERNAME, "connectAndAllACLPasswordWrong"))), false, false, false, false, false, false, false, false, false, false);
    }

    @Test
    public void testAllCredentials() throws Exception {
        testInjectors(List.of(new TestZkCredentialsInjector(this, AllCredentialZkCredentialsInjector.class), new TestZkCredentialsInjector(VMParamsZkCredentialsInjector.class, List.of("zkDigestUsername", "zkDigestPassword"), List.of(ALL_USERNAME, ALL_PASSWORD))), true, true, true, true, true, true, true, true, true, true);
    }

    @Test
    public void testReadonlyCredentials() throws Exception {
        testInjectors(List.of(new TestZkCredentialsInjector(this, ConnectWithReadonlyCredsInjector.class), new TestZkCredentialsInjector(VMParamsZkCredentialsInjector.class, List.of("zkDigestUsername", "zkDigestPassword"), List.of(READONLY_USERNAME, READONLY_PASSWORD))), true, true, false, false, false, false, false, false, false, false);
    }

    protected void testInjectors(List<TestZkCredentialsInjector> list, boolean z, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6, boolean z7, boolean z8, boolean z9, boolean z10) throws Exception {
        for (TestZkCredentialsInjector testZkCredentialsInjector : list) {
            tearDown();
            setUp();
            testZkCredentialsInjector.setSystemProps();
            SolrZkClient build = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
            try {
                doTest(build, z, z2, z3, z4, z5, z6, z7, z8, z9, z10);
                if (build != null) {
                    build.close();
                }
            } catch (Throwable th) {
                if (build != null) {
                    try {
                        build.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    @Test
    public void testRepairACL() throws Exception {
        clearSecuritySystemProperties();
        SolrZkClient build = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
        try {
            build.getZooKeeper().addAuthInfo("digest", "connectAndAllACLUsername:connectAndAllACLPassword".getBytes(StandardCharsets.UTF_8));
            build.create("/security.json", "{}".getBytes(StandardCharsets.UTF_8), CreateMode.PERSISTENT, false);
            assertEquals(ZooDefs.Ids.OPEN_ACL_UNSAFE, build.getACL("/security.json", (Stat) null, false));
            if (build != null) {
                build.close();
            }
            setSecuritySystemProperties();
            SolrZkClient build2 = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
            try {
                ZkController.createClusterZkNodes(build2);
                assertNotEquals(ZooDefs.Ids.OPEN_ACL_UNSAFE, build2.getACL("/security.json", (Stat) null, false));
                if (build2 != null) {
                    build2.close();
                }
                useZkCredentialsInjector(ConnectWithReadonlyCredsInjector.class);
                build2 = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
                try {
                    assertEquals("/security.json", assertThrows(KeeperException.NoAuthException.class, () -> {
                        build2.getData("/security.json", (Watcher) null, (Stat) null, false);
                    }).getPath());
                    if (build2 != null) {
                        build2.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th) {
                    th.addSuppressed(th);
                }
            }
        }
    }

    private void useZkCredentialsInjector(Class<?> cls) {
        clearSecuritySystemProperties();
        setDigestZkSystemProps();
        System.setProperty("zkCredentialsInjector", cls.getName());
    }

    private void setSecuritySystemProperties() {
        System.setProperty("zkCredentialsProvider", DigestZkCredentialsProvider.class.getName());
        System.setProperty("zkACLProvider", DigestZkACLProvider.class.getName());
        System.setProperty("zkCredentialsInjector", AllAndReadonlyCredentialZkCredentialsInjector.class.getName());
    }

    private void clearSecuritySystemProperties() {
        System.clearProperty("zkCredentialsProvider");
        System.clearProperty("zkACLProvider");
        System.clearProperty("zkCredentialsInjector");
    }

    public static void doTest(SolrZkClient solrZkClient, boolean z, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6, boolean z7, boolean z8, boolean z9, boolean z10) throws Exception {
        doTest(solrZkClient, "/protectedCreateNode", z, z2, z3, z4, z5);
        doTest(solrZkClient, "/protectedMakePathNode", z, z2, z3, z4, z5);
        doTest(solrZkClient, "/unprotectedCreateNode", true, true, true, true, z5);
        doTest(solrZkClient, "/unprotectedMakePathNode", true, true, true, true, z5);
        doTest(solrZkClient, "/security", z6, z7, z8, z9, z10);
    }

    protected static void doTest(SolrZkClient solrZkClient, String str, boolean z, boolean z2, boolean z3, boolean z4, boolean z5) throws Exception {
        doTest(z, () -> {
            solrZkClient.getData(str, (Watcher) null, (Stat) null, false);
        });
        doTest(z2, () -> {
            solrZkClient.getChildren(str, (Watcher) null, false);
        });
        doTest(z3, () -> {
            solrZkClient.create(str + "/subnode", (byte[]) null, CreateMode.PERSISTENT, false);
            solrZkClient.delete(str + "/subnode", -1, false);
        });
        doTest(z3, () -> {
            solrZkClient.makePath(str + "/subnode/subsubnode", false);
            solrZkClient.delete(str + "/subnode/subsubnode", -1, false);
            solrZkClient.delete(str + "/subnode", -1, false);
        });
        doTest(z4, () -> {
            solrZkClient.setData(str, (byte[]) null, false);
        });
        doTest(z5, () -> {
            solrZkClient.delete(str, -1, false);
        });
    }

    private static void doTest(boolean z, ExceptingRunnable exceptingRunnable) throws Exception {
        if (z) {
            exceptingRunnable.run();
        } else {
            Objects.requireNonNull(exceptingRunnable);
            expectThrows(KeeperException.NoAuthException.class, exceptingRunnable::run);
        }
    }

    @Test
    public void testVMParamsAllCredentialsFromFile() throws Exception {
        useVMParamsAllCredentialsFromFile();
        SolrZkClient build = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
        try {
            doTest(build, true, true, true, true, true, true, true, true, true, true);
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testVMParamsReadonlyCredentialsFromFile() throws Exception {
        useVMParamsReadonlyCredentialsFromFile();
        SolrZkClient build = new SolrZkClient.Builder().withUrl(this.zkServer.getZkAddress()).withTimeout(45000, TimeUnit.MILLISECONDS).build();
        try {
            doTest(build, true, true, false, false, false, false, false, false, false, false);
            if (build != null) {
                build.close();
            }
        } catch (Throwable th) {
            if (build != null) {
                try {
                    build.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void useVMParamsAllCredentialsFromFile() throws IOException {
        useVMParamsCredentialsFromFile(ALL_USERNAME, ALL_PASSWORD);
    }

    private void useVMParamsReadonlyCredentialsFromFile() throws IOException {
        useVMParamsCredentialsFromFile(READONLY_USERNAME, READONLY_PASSWORD);
    }

    private void useVMParamsCredentialsFromFile(String str, String str2) throws IOException {
        Properties properties = new Properties();
        properties.setProperty("zkDigestUsername", str);
        properties.setProperty("zkDigestPassword", str2);
        String saveCredentialsFile = saveCredentialsFile(properties);
        useZkCredentialsInjector(VMParamsZkCredentialsInjector.class);
        System.setProperty("zkDigestCredentialsFile", saveCredentialsFile);
    }

    private String saveCredentialsFile(Properties properties) throws IOException {
        Path createTempFile = createTempFile("zk-creds", "properties");
        FileWriter fileWriter = new FileWriter(createTempFile.toFile(), StandardCharsets.UTF_8);
        try {
            properties.store(fileWriter, "test");
            fileWriter.close();
            return createTempFile.toAbsolutePath().toString();
        } catch (Throwable th) {
            try {
                fileWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
