package io.confluent.rbacdb.orm;

import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.RoleBinding;
import io.confluent.testing.TestIndependenceUtil;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import javax.management.MalformedObjectNameException;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:io/confluent/rbacdb/orm/RbacOrmDbServiceTest.class */
public class RbacOrmDbServiceTest {
    private RbacOrmDbService ormService;
    private final String dbUrlStrFormat = "jdbc:h2:mem:%s;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE;INIT=RUNSCRIPT FROM '%s'";
    private final String h2Schema = "src/test/resources/rbac_schema_h2.sql";

    @BeforeMethod
    public void setupDb(Method method) throws MalformedObjectNameException {
        this.ormService = new RbacOrmDbService(String.format("jdbc:h2:mem:%s;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE;INIT=RUNSCRIPT FROM '%s'", method.getName(), "src/test/resources/rbac_schema_h2.sql"), "user", "", true, 10);
    }

    @AfterMethod
    public void tearDown() throws Exception {
        this.ormService.close();
    }

    @Test
    public void testGetInitialRoleBindings() {
        Set rbacRoleBindings = this.ormService.rbacRoleBindings(new KafkaPrincipal("User", "flowserviceadmin"));
        Assert.assertEquals(rbacRoleBindings.size(), 1);
        RoleBinding roleBinding = (RoleBinding) rbacRoleBindings.iterator().next();
        Assert.assertEquals(roleBinding.principal(), new KafkaPrincipal("User", "flowserviceadmin"));
        Assert.assertEquals(roleBinding.scope(), new Scope.Builder(new String[0]).build());
        Assert.assertEquals(roleBinding.role(), "CCloudRoleBindingAdmin");
    }

    @Test
    public void testBasicAddRemoveRoleBindings() {
        Scope build = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=stg").addPath("cloud-cluster=1").build();
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", "testCallingUser");
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", "testAddRemoveTargetUser");
        RoleBinding roleBinding = new RoleBinding(kafkaPrincipal2, "CloudClusterAdmin", build, (Collection) null);
        this.ormService.addRoleBinding(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), roleBinding.scope());
        Set rbacRoleBindings = this.ormService.rbacRoleBindings(kafkaPrincipal2);
        Assert.assertEquals(rbacRoleBindings.size(), 1);
        Assert.assertTrue(rbacRoleBindings.contains(roleBinding));
        this.ormService.removeRoleBinding(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), roleBinding.scope());
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 0);
    }

    @Test
    public void testSqlInjection() {
        Scope build = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=stg").addPath("cloud-cluster=1").build();
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", "'; drop table rbac.rolebinding;");
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", "'; drop table rbac.rolebinding;");
        RoleBinding roleBinding = new RoleBinding(kafkaPrincipal2, "CloudClusterAdmin", build, (Collection) null);
        this.ormService.addRoleBinding(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), roleBinding.scope());
        Set rbacRoleBindings = this.ormService.rbacRoleBindings(kafkaPrincipal2);
        Assert.assertEquals(rbacRoleBindings.size(), 1);
        Assert.assertTrue(((RoleBinding) rbacRoleBindings.iterator().next()).principal().getName().equals("'; drop table rbac.rolebinding;"));
        this.ormService.removeRoleBinding(kafkaPrincipal, roleBinding.principal(), roleBinding.role(), roleBinding.scope());
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 0);
    }

    @Test
    public void testAdvancedAddRemoveRoleBindings() {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("alice"));
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("bob"));
        KafkaPrincipal kafkaPrincipal3 = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("caller"));
        String uniquify = TestIndependenceUtil.uniquify("acme");
        Scope build = new Scope.Builder(new String[0]).addPath("organization=" + uniquify).build();
        Scope build2 = new Scope.Builder(new String[0]).addPath("organization=" + uniquify).addPath("environment=dev").build();
        Scope build3 = new Scope.Builder(new String[0]).addPath("organization=" + uniquify).addPath("environment=stg").build();
        String uniquify2 = TestIndependenceUtil.uniquify("reason");
        String str = uniquify2 + "-1";
        String str2 = uniquify2 + "-2";
        String str3 = uniquify2 + "-3";
        String str4 = uniquify2 + "-4";
        String str5 = uniquify2 + "-5";
        Assert.assertTrue(this.ormService.rbacRoleBindings(kafkaPrincipal).isEmpty());
        Assert.assertTrue(this.ormService.rbacRoleBindings(kafkaPrincipal2).isEmpty());
        this.ormService.addRoleBinding(kafkaPrincipal3, kafkaPrincipal2, "EnvironmentAdmin", build3, str);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 1);
        Assert.assertTrue(this.ormService.rbacRoleBindings(kafkaPrincipal).isEmpty(), "alice still no role");
        List rbacRoleBindingRecordsIncludingDeleted = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted.stream().filter(roleBindingRecord -> {
            return roleBindingRecord.getDeleted().booleanValue();
        }).count(), 0L);
        this.ormService.addRoleBinding(kafkaPrincipal3, kafkaPrincipal2, "EnvironmentAdmin", build2, str);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 2);
        Assert.assertTrue(this.ormService.rbacRoleBindings(kafkaPrincipal).isEmpty(), "alice still no role");
        List rbacRoleBindingRecordsIncludingDeleted2 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted2.size(), 2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted2.stream().filter(roleBindingRecord2 -> {
            return roleBindingRecord2.getDeleted().booleanValue();
        }).count(), 0L);
        this.ormService.addRoleBinding(kafkaPrincipal3, kafkaPrincipal2, "OrganizationAdmin", build, str2);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 3);
        Assert.assertTrue(this.ormService.rbacRoleBindings(kafkaPrincipal).isEmpty(), "alice still no role");
        List rbacRoleBindingRecordsIncludingDeleted3 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted3.size(), 2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted3.stream().filter(roleBindingRecord3 -> {
            return roleBindingRecord3.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted4 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted4.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted4.stream().filter(roleBindingRecord4 -> {
            return roleBindingRecord4.getDeleted().booleanValue();
        }).count(), 0L);
        this.ormService.addRoleBinding(kafkaPrincipal3, kafkaPrincipal, "OrganizationAdmin", build, str);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 3);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal).size(), 1);
        List rbacRoleBindingRecordsIncludingDeleted5 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted5.size(), 3);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted5.stream().filter(roleBindingRecord5 -> {
            return roleBindingRecord5.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted6 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted6.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted6.stream().filter(roleBindingRecord6 -> {
            return roleBindingRecord6.getDeleted().booleanValue();
        }).count(), 0L);
        this.ormService.removeRoleBinding(kafkaPrincipal3, kafkaPrincipal2, "OrganizationAdmin", build, str3);
        List rbacRoleBindingRecordsIncludingDeleted7 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted7.size(), 3);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted7.stream().filter(roleBindingRecord7 -> {
            return roleBindingRecord7.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted8 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted8.size(), 0);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted8.stream().filter(roleBindingRecord8 -> {
            return roleBindingRecord8.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted9 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str3);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted9.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted9.stream().filter(roleBindingRecord9 -> {
            return roleBindingRecord9.getDeleted().booleanValue();
        }).count(), 1L);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 2);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal).size(), 1);
        this.ormService.removeAllRoleBindingsForPrincipal(kafkaPrincipal3, kafkaPrincipal2, str4);
        List rbacRoleBindingRecordsIncludingDeleted10 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted10.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted10.stream().filter(roleBindingRecord10 -> {
            return roleBindingRecord10.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted11 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted11.size(), 0);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted11.stream().filter(roleBindingRecord11 -> {
            return roleBindingRecord11.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted12 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str3);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted12.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted12.stream().filter(roleBindingRecord12 -> {
            return roleBindingRecord12.getDeleted().booleanValue();
        }).count(), 1L);
        List rbacRoleBindingRecordsIncludingDeleted13 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str4);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted13.size(), 2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted13.stream().filter(roleBindingRecord13 -> {
            return roleBindingRecord13.getDeleted().booleanValue();
        }).count(), 2L);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 0);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal).size(), 1);
        this.ormService.removeAllRoleBindingsForScope(kafkaPrincipal3, build, str5);
        List rbacRoleBindingRecordsIncludingDeleted14 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted14.size(), 0);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted14.stream().filter(roleBindingRecord14 -> {
            return roleBindingRecord14.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted15 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted15.size(), 0);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted15.stream().filter(roleBindingRecord15 -> {
            return roleBindingRecord15.getDeleted().booleanValue();
        }).count(), 0L);
        List rbacRoleBindingRecordsIncludingDeleted16 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str3);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted16.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted16.stream().filter(roleBindingRecord16 -> {
            return roleBindingRecord16.getDeleted().booleanValue();
        }).count(), 1L);
        List rbacRoleBindingRecordsIncludingDeleted17 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str4);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted17.size(), 2);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted17.stream().filter(roleBindingRecord17 -> {
            return roleBindingRecord17.getDeleted().booleanValue();
        }).count(), 2L);
        List rbacRoleBindingRecordsIncludingDeleted18 = this.ormService.rbacRoleBindingRecordsIncludingDeleted(str5);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted18.size(), 1);
        Assert.assertEquals(rbacRoleBindingRecordsIncludingDeleted18.stream().filter(roleBindingRecord18 -> {
            return roleBindingRecord18.getDeleted().booleanValue();
        }).count(), 1L);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal2).size(), 0);
        Assert.assertEquals(this.ormService.rbacRoleBindings(kafkaPrincipal).size(), 0);
    }
}
