package org.apache.pulsar.client.api;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.naming.AuthenticationException;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.PulsarServerException;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataCommand;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationProvider;
import org.apache.pulsar.broker.authorization.AuthorizationProvider;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider;
import org.apache.pulsar.broker.cache.ConfigurationCacheService;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.MessageIdImpl;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.NamespaceOperation;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.policies.data.TenantInfoImpl;
import org.apache.pulsar.common.policies.data.TenantOperation;
import org.apache.pulsar.common.policies.data.TopicOperation;
import org.apache.pulsar.common.util.RestException;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;

@Test(groups = {"broker-api"})
/* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest.class */
public class AuthorizationProducerConsumerTest extends ProducerConsumerBase {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationProducerConsumerTest.class);
    private static final String clientRole = "plugbleRole";
    private static final Set<String> clientAuthProviderSupportedRoles = Sets.newHashSet(new String[]{clientRole});

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$ClientAuthentication.class */
    public static class ClientAuthentication implements Authentication {
        String user;

        public ClientAuthentication(String str) {
            this.user = str;
        }

        public void close() throws IOException {
        }

        public String getAuthMethodName() {
            return "test";
        }

        public AuthenticationDataProvider getAuthData() throws PulsarClientException {
            return new AuthenticationDataProvider() { // from class: org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.ClientAuthentication.1
                public boolean hasDataForHttp() {
                    return true;
                }

                public Set<Map.Entry<String, String>> getHttpHeaders() {
                    return Sets.newHashSet(new Map.Entry[]{Maps.immutableEntry("user", ClientAuthentication.this.user)});
                }

                public boolean hasDataFromCommand() {
                    return true;
                }

                public String getCommandData() {
                    return ClientAuthentication.this.user;
                }
            };
        }

        public void configure(Map<String, String> map) {
        }

        public void start() throws PulsarClientException {
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthenticationProvider.class */
    public static class TestAuthenticationProvider implements AuthenticationProvider {
        public void close() throws IOException {
        }

        public void initialize(ServiceConfiguration serviceConfiguration) throws IOException {
        }

        public String getAuthMethodName() {
            return "test";
        }

        public String authenticate(AuthenticationDataSource authenticationDataSource) throws AuthenticationException {
            return authenticationDataSource.getCommandData() != null ? authenticationDataSource.getCommandData() : authenticationDataSource.getHttpHeader("user");
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProvider.class */
    public static class TestAuthorizationProvider implements AuthorizationProvider {
        public ServiceConfiguration conf;

        public void close() throws IOException {
        }

        public CompletableFuture<Boolean> isSuperUser(String str, ServiceConfiguration serviceConfiguration) {
            return CompletableFuture.completedFuture(Boolean.valueOf(str != null && serviceConfiguration.getSuperUserRoles().contains(str)));
        }

        public void initialize(ServiceConfiguration serviceConfiguration, ConfigurationCacheService configurationCacheService) throws IOException {
            this.conf = serviceConfiguration;
        }

        public CompletableFuture<Boolean> canProduceAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(Boolean.valueOf(AuthorizationProducerConsumerTest.clientAuthProviderSupportedRoles.contains(str)));
        }

        public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            return CompletableFuture.completedFuture(Boolean.valueOf(AuthorizationProducerConsumerTest.clientAuthProviderSupportedRoles.contains(str)));
        }

        public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(Boolean.valueOf(AuthorizationProducerConsumerTest.clientAuthProviderSupportedRoles.contains(str)));
        }

        public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName namespaceName, String str, AuthenticationDataSource authenticationDataSource) {
            return null;
        }

        public CompletableFuture<Boolean> allowSourceOpsAsync(NamespaceName namespaceName, String str, AuthenticationDataSource authenticationDataSource) {
            return null;
        }

        public CompletableFuture<Boolean> allowSinkOpsAsync(NamespaceName namespaceName, String str, AuthenticationDataSource authenticationDataSource) {
            return null;
        }

        public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> set, String str, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> grantPermissionAsync(TopicName topicName, Set<AuthAction> set, String str, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> grantSubscriptionPermissionAsync(NamespaceName namespaceName, String str, Set<String> set, String str2) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Void> revokeSubscriptionPermissionAsync(NamespaceName namespaceName, String str, String str2, String str3) {
            return CompletableFuture.completedFuture(null);
        }

        public CompletableFuture<Boolean> isTenantAdmin(String str, String str2, TenantInfo tenantInfo, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }

        public CompletableFuture<Boolean> allowTenantOperationAsync(String str, String str2, TenantOperation tenantOperation, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }

        public Boolean allowTenantOperation(String str, String str2, TenantOperation tenantOperation, AuthenticationDataSource authenticationDataSource) {
            return true;
        }

        public CompletableFuture<Boolean> allowNamespaceOperationAsync(NamespaceName namespaceName, String str, NamespaceOperation namespaceOperation, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }

        public Boolean allowNamespaceOperation(NamespaceName namespaceName, String str, NamespaceOperation namespaceOperation, AuthenticationDataSource authenticationDataSource) {
            return null;
        }

        public CompletableFuture<Boolean> allowTopicOperationAsync(TopicName topicName, String str, TopicOperation topicOperation, AuthenticationDataSource authenticationDataSource) {
            return str.equals(AuthorizationProducerConsumerTest.clientRole) ? CompletableFuture.completedFuture(true) : CompletableFuture.completedFuture(false);
        }

        public Boolean allowTopicOperation(TopicName topicName, String str, TopicOperation topicOperation, AuthenticationDataSource authenticationDataSource) {
            try {
                return allowTopicOperationAsync(topicName, str, topicOperation, authenticationDataSource).get();
            } catch (InterruptedException e) {
                throw new RestException(e);
            } catch (ExecutionException e2) {
                throw new RestException(e2);
            }
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProvider2.class */
    public static class TestAuthorizationProvider2 extends TestAuthorizationProvider {
        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canProduceAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            return CompletableFuture.completedFuture(false);
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            return CompletableFuture.completedFuture(true);
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProviderWithGrantPermission.class */
    public static class TestAuthorizationProviderWithGrantPermission extends TestAuthorizationProvider {
        private Set<String> grantRoles = Sets.newHashSet();
        static AuthenticationDataSource authenticationData;
        static String authDataJson;

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canProduceAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            authenticationData = authenticationDataSource;
            return CompletableFuture.completedFuture(Boolean.valueOf(this.grantRoles.contains(str)));
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource, String str2) {
            authenticationData = authenticationDataSource;
            return CompletableFuture.completedFuture(Boolean.valueOf(this.grantRoles.contains(str)));
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String str, AuthenticationDataSource authenticationDataSource) {
            authenticationData = authenticationDataSource;
            return CompletableFuture.completedFuture(Boolean.valueOf(this.grantRoles.contains(str)));
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> set, String str, String str2) {
            authDataJson = str2;
            this.grantRoles.add(str);
            return CompletableFuture.completedFuture(null);
        }

        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Void> grantPermissionAsync(TopicName topicName, Set<AuthAction> set, String str, String str2) {
            authDataJson = str2;
            this.grantRoles.add(str);
            return CompletableFuture.completedFuture(null);
        }
    }

    /* loaded from: input_file:org/apache/pulsar/client/api/AuthorizationProducerConsumerTest$TestAuthorizationProviderWithSubscriptionPrefix.class */
    public static class TestAuthorizationProviderWithSubscriptionPrefix extends TestAuthorizationProvider {
        @Override // org.apache.pulsar.client.api.AuthorizationProducerConsumerTest.TestAuthorizationProvider
        public CompletableFuture<Boolean> allowTopicOperationAsync(TopicName topicName, String str, TopicOperation topicOperation, AuthenticationDataSource authenticationDataSource) {
            CompletableFuture<Boolean> completableFuture = new CompletableFuture<>();
            if (authenticationDataSource.hasSubscription()) {
                String subscription = authenticationDataSource.getSubscription();
                if (StringUtils.isNotBlank(subscription) && !subscription.startsWith(str)) {
                    completableFuture.completeExceptionally(new PulsarServerException("The subscription name needs to be prefixed by the authentication role"));
                }
            }
            completableFuture.complete(Boolean.valueOf(AuthorizationProducerConsumerTest.clientRole.equals(str)));
            return completableFuture;
        }
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    protected void setup() throws Exception {
        this.conf.setAuthenticationEnabled(true);
        this.conf.setAuthorizationEnabled(true);
        HashSet hashSet = new HashSet();
        hashSet.add("superUser");
        this.conf.setSuperUserRoles(hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(TestAuthenticationProvider.class.getName());
        this.conf.setAuthenticationProviders(hashSet2);
        this.conf.setClusterName("test");
        super.init();
    }

    @Override // org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest
    @AfterMethod(alwaysRun = true)
    protected void cleanup() throws Exception {
        super.internalCleanup();
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testProducerAndConsumerAuthorization() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProvider.class.getName());
        setup();
        PulsarAdmin pulsarAdmin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrl.toString()).authentication(new ClientAuthentication("superUser")).build());
        try {
            String brokerServiceUrl = this.pulsar.getBrokerServiceUrl();
            ClientAuthentication clientAuthentication = new ClientAuthentication(clientRole);
            ClientAuthentication clientAuthentication2 = new ClientAuthentication("test-role");
            PulsarClient build = PulsarClient.builder().serviceUrl(brokerServiceUrl).authentication(clientAuthentication).operationTimeout(1000, TimeUnit.MILLISECONDS).build();
            try {
                PulsarClient build2 = PulsarClient.builder().serviceUrl(brokerServiceUrl).operationTimeout(1000, TimeUnit.MILLISECONDS).authentication(clientAuthentication2).build();
                try {
                    pulsarAdmin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.brokerUrl.toString()).build());
                    pulsarAdmin.tenants().createTenant("my-property", new TenantInfoImpl(Sets.newHashSet(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"test"})));
                    pulsarAdmin.namespaces().createNamespace("my-property/my-ns", Sets.newHashSet(new String[]{"test"}));
                    Consumer subscribe = build.newConsumer().topic(new String[]{"persistent://my-property/my-ns/my-topic"}).subscriptionName("my-subscriber-name").subscribe();
                    Producer create = build.newProducer().topic("persistent://my-property/my-ns/my-topic").create();
                    subscribe.close();
                    create.close();
                    try {
                        build2.newConsumer().topic(new String[]{"persistent://my-property/my-ns/my-topic"}).subscriptionName("my-subscriber-name").subscribe();
                        Assert.fail("should have failed with authorization error");
                    } catch (PulsarClientException.AuthorizationException e) {
                    }
                    try {
                        build2.newProducer().topic("persistent://my-property/my-ns/my-topic").create();
                        Assert.fail("should have failed with authorization error");
                    } catch (PulsarClientException.AuthorizationException e2) {
                    }
                    log.info("-- Exiting {} test --", this.methodName);
                    if (Collections.singletonList(build2).get(0) != null) {
                        build2.close();
                    }
                    if (Collections.singletonList(build).get(0) != null) {
                        build.close();
                    }
                } catch (Throwable th) {
                    if (Collections.singletonList(build2).get(0) != null) {
                        build2.close();
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                if (Collections.singletonList(build).get(0) != null) {
                    build.close();
                }
                throw th2;
            }
        } finally {
            if (Collections.singletonList(pulsarAdmin).get(0) != null) {
                pulsarAdmin.close();
            }
        }
    }

    @Test
    public void testSubscriberPermission() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(PulsarAuthorizationProvider.class.getName());
        setup();
        ClientAuthentication clientAuthentication = new ClientAuthentication("superUser");
        clientAuthProviderSupportedRoles.add("sub1-role");
        PulsarAdmin pulsarAdmin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrl.toString()).authentication(clientAuthentication).build());
        try {
            pulsarAdmin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrl.toString()).authentication(new ClientAuthentication("tenant-role")).build());
            try {
                PulsarAdmin pulsarAdmin2 = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrl.toString()).authentication(new ClientAuthentication("sub1-role")).build());
                try {
                    ClientAuthentication clientAuthentication2 = new ClientAuthentication("sub1-role");
                    pulsarAdmin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.brokerUrl.toString()).build());
                    pulsarAdmin.tenants().createTenant("my-property", new TenantInfoImpl(Sets.newHashSet(new String[]{"tenant-role"}), Sets.newHashSet(new String[]{"test"})));
                    pulsarAdmin.namespaces().createNamespace("my-property/my-ns-sub-auth", Sets.newHashSet(new String[]{"test"}));
                    pulsarAdmin.namespaces().grantPermissionOnNamespace("my-property/my-ns-sub-auth", "sub1-role", Collections.singleton(AuthAction.consume));
                    replacePulsarClient(PulsarClient.builder().serviceUrl(this.pulsar.getBrokerServiceUrl()).authentication(clientAuthentication2));
                    this.pulsarClient.newConsumer().topic(new String[]{"persistent://my-property/my-ns-sub-auth/my-topic"}).subscriptionName("sub1").subscribe().close();
                    pulsarAdmin.topics().skipAllMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1");
                    pulsarAdmin.topics().skipMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 1L);
                    try {
                        pulsarAdmin.topics().expireMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                    } catch (Exception e) {
                        Assert.assertTrue(e.getMessage().startsWith("Expire message by timestamp not issued on topic"));
                    }
                    pulsarAdmin.topics().expireMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", new MessageIdImpl(-1L, -1L, -1), true);
                    pulsarAdmin.topics().peekMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 1);
                    pulsarAdmin.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                    pulsarAdmin.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", MessageId.earliest);
                    pulsarAdmin.namespaces().grantPermissionOnNamespace("my-property/my-ns-sub-auth", "sub1-role", Collections.singleton(AuthAction.consume));
                    pulsarAdmin2.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                    pulsarAdmin.namespaces().grantPermissionOnSubscription("my-property/my-ns-sub-auth", "sub1", Collections.singleton("Principal-1-to-access-sub"));
                    try {
                        pulsarAdmin2.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                        Assert.fail("should have fail with authorization exception");
                    } catch (PulsarAdminException.NotAuthorizedException e2) {
                    }
                    try {
                        pulsarAdmin2.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", MessageId.earliest);
                        Assert.fail("should have fail with authorization exception");
                    } catch (PulsarAdminException.NotAuthorizedException e3) {
                    }
                    pulsarAdmin.namespaces().grantPermissionOnSubscription("my-property/my-ns-sub-auth", "sub1", Sets.newHashSet(new String[]{"Principal-1-to-access-sub", "sub1-role"}));
                    pulsarAdmin2.topics().skipAllMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1");
                    pulsarAdmin2.topics().skipMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 1L);
                    try {
                        pulsarAdmin.topics().expireMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                    } catch (Exception e4) {
                        Assert.assertTrue(e4.getMessage().startsWith("Expire message by timestamp not issued on topic"));
                    }
                    pulsarAdmin2.topics().peekMessages("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 1);
                    pulsarAdmin2.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                    pulsarAdmin2.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", MessageId.earliest);
                    pulsarAdmin.namespaces().revokePermissionOnSubscription("my-property/my-ns-sub-auth", "sub1", "sub1-role");
                    try {
                        pulsarAdmin2.topics().resetCursor("persistent://my-property/my-ns-sub-auth/my-topic", "sub1", 10L);
                        Assert.fail("should have fail with authorization exception");
                    } catch (PulsarAdminException.NotAuthorizedException e5) {
                    }
                    log.info("-- Exiting {} test --", this.methodName);
                    if (Collections.singletonList(pulsarAdmin2).get(0) != null) {
                        pulsarAdmin2.close();
                    }
                    if (Collections.singletonList(pulsarAdmin).get(0) != null) {
                        pulsarAdmin.close();
                    }
                } finally {
                    if (Collections.singletonList(pulsarAdmin2).get(0) != null) {
                        pulsarAdmin2.close();
                    }
                }
            } finally {
                if (Collections.singletonList(pulsarAdmin).get(0) != null) {
                    pulsarAdmin.close();
                }
            }
        } catch (Throwable th) {
            if (Collections.singletonList(pulsarAdmin).get(0) != null) {
                pulsarAdmin.close();
            }
            throw th;
        }
    }

    @Test
    public void testSubscriptionPrefixAuthorization() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProviderWithSubscriptionPrefix.class.getName());
        setup();
        PulsarAdmin pulsarAdmin = (PulsarAdmin) Mockito.spy(PulsarAdmin.builder().serviceHttpUrl(this.brokerUrl.toString()).authentication(new ClientAuthentication("superUser")).build());
        try {
            replacePulsarClient(PulsarClient.builder().serviceUrl(this.pulsar.getBrokerServiceUrl()).authentication(new ClientAuthentication(clientRole)));
            pulsarAdmin.clusters().createCluster("test", ClusterData.builder().serviceUrl(this.brokerUrl.toString()).build());
            pulsarAdmin.tenants().createTenant("prop-prefix", new TenantInfoImpl(Sets.newHashSet(new String[]{"appid1", "appid2"}), Sets.newHashSet(new String[]{"test"})));
            pulsarAdmin.namespaces().createNamespace("prop-prefix/ns", Sets.newHashSet(new String[]{"test"}));
            this.pulsarClient.newConsumer().topic(new String[]{"persistent://prop-prefix/ns/t1"}).subscriptionName("plugbleRole-sub1").subscribe().close();
            try {
                this.pulsarClient.newConsumer().topic(new String[]{"persistent://prop-prefix/ns/t1"}).subscriptionName("sub1").subscribe();
                Assert.fail("should have failed with authorization error");
            } catch (PulsarClientException.AuthorizationException e) {
            }
            log.info("-- Exiting {} test --", this.methodName);
            if (Collections.singletonList(pulsarAdmin).get(0) != null) {
                pulsarAdmin.close();
            }
        } catch (Throwable th) {
            if (Collections.singletonList(pulsarAdmin).get(0) != null) {
                pulsarAdmin.close();
            }
            throw th;
        }
    }

    @Test
    public void testGrantPermission() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
        setup();
        AuthorizationService authorizationService = new AuthorizationService(this.conf, (ConfigurationCacheService) null);
        TopicName topicName = TopicName.get("persistent://prop/cluster/ns/t1");
        Assert.assertFalse(authorizationService.canProduce(topicName, "test-role", (AuthenticationDataSource) null));
        Assert.assertFalse(authorizationService.canConsume(topicName, "test-role", (AuthenticationDataSource) null, "sub1"));
        authorizationService.grantPermissionAsync(topicName, (Set) null, "test-role", "auth-json").get();
        Assert.assertTrue(authorizationService.canProduce(topicName, "test-role", (AuthenticationDataSource) null));
        Assert.assertTrue(authorizationService.canConsume(topicName, "test-role", (AuthenticationDataSource) null, "sub1"));
        log.info("-- Exiting {} test --", this.methodName);
    }

    @Test
    public void testAuthData() throws Exception {
        log.info("-- Starting {} test --", this.methodName);
        this.conf.setAuthorizationProvider(TestAuthorizationProviderWithGrantPermission.class.getName());
        setup();
        AuthorizationService authorizationService = new AuthorizationService(this.conf, (ConfigurationCacheService) null);
        TopicName topicName = TopicName.get("persistent://prop/cluster/ns/t1");
        authorizationService.grantPermissionAsync(topicName, (Set) null, "test-role", "auth-json").get();
        Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authDataJson, "auth-json");
        Assert.assertTrue(authorizationService.canProduce(topicName, "test-role", new AuthenticationDataCommand("prod-auth")));
        Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(), "prod-auth");
        Assert.assertTrue(authorizationService.canConsume(topicName, "test-role", new AuthenticationDataCommand("cons-auth"), "sub1"));
        Assert.assertEquals(TestAuthorizationProviderWithGrantPermission.authenticationData.getCommandData(), "cons-auth");
        log.info("-- Exiting {} test --", this.methodName);
    }
}
