package org.camunda.bpm.engine.test.api.identity;

import java.util.Iterator;
import java.util.List;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.BadUserRequestException;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.BatchPermissions;
import org.camunda.bpm.engine.authorization.MissingAuthorization;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.ProcessDefinitionPermissions;
import org.camunda.bpm.engine.authorization.ProcessInstancePermissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.impl.test.PluggableProcessEngineTestCase;
import org.camunda.bpm.engine.test.api.authorization.util.AuthorizationTestUtil;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/identity/AuthorizationServiceAuthorizationsTest.class */
public class AuthorizationServiceAuthorizationsTest extends PluggableProcessEngineTestCase {
    private static final String jonny2 = "jonny2";

    /* loaded from: input_file:org/camunda/bpm/engine/test/api/identity/AuthorizationServiceAuthorizationsTest$ResourceImpl.class */
    class ResourceImpl implements Resource {
        String resourceName;
        int resourceType;

        public ResourceImpl(String str, int i) {
            this.resourceName = str;
            this.resourceType = i;
        }

        public String resourceName() {
            return this.resourceName;
        }

        public int resourceType() {
            return this.resourceType;
        }
    }

    protected void tearDown() throws Exception {
        this.processEngineConfiguration.setAuthorizationEnabled(false);
        cleanupAfterTest();
        super.tearDown();
    }

    public void testCreateAuthorization() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.AUTHORIZATION);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.CREATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.authorizationService.createNewAuthorization(0);
            fail("exception expected");
        } catch (AuthorizationException e) {
            assertEquals(1, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.AUTHORIZATION.resourceName(), null, missingAuthorization);
        }
        AuthorizationEntity authorizationEntity = new AuthorizationEntity(2);
        authorizationEntity.setUserId("someUserId");
        authorizationEntity.setResource(Resources.APPLICATION);
        try {
            this.authorizationService.saveAuthorization(authorizationEntity);
            fail("exception expected");
        } catch (AuthorizationException e2) {
            assertEquals(1, e2.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization2 = (MissingAuthorization) e2.getMissingAuthorizations().get(0);
            assertEquals(jonny2, e2.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.CREATE.getName(), Resources.AUTHORIZATION.resourceName(), null, missingAuthorization2);
        }
    }

    public void testDeleteAuthorization() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.AUTHORIZATION);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.DELETE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        try {
            this.authorizationService.deleteAuthorization(createNewAuthorization.getId());
            fail("exception expected");
        } catch (AuthorizationException e) {
            assertEquals(1, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.DELETE.getName(), Resources.AUTHORIZATION.resourceName(), createNewAuthorization.getId(), missingAuthorization);
        }
    }

    public void testUserUpdateAuthorizations() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.AUTHORIZATION);
        createNewAuthorization.setResourceId("*");
        createNewAuthorization.addPermission(Permissions.ALL);
        createNewAuthorization.removePermission(Permissions.UPDATE);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.identityService.setAuthenticatedUserId(jonny2);
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().singleResult();
        authorization.addPermission(Permissions.ALL);
        try {
            this.authorizationService.saveAuthorization(authorization);
            fail("exception expected");
        } catch (AuthorizationException e) {
            assertEquals(1, e.getMissingAuthorizations().size());
            MissingAuthorization missingAuthorization = (MissingAuthorization) e.getMissingAuthorizations().get(0);
            assertEquals(jonny2, e.getUserId());
            AuthorizationTestUtil.assertExceptionInfo(Permissions.UPDATE.getName(), Resources.AUTHORIZATION.resourceName(), authorization.getId(), missingAuthorization);
        }
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId(jonny2);
        createNewAuthorization2.setResource(Resources.AUTHORIZATION);
        createNewAuthorization2.setResourceId("*");
        createNewAuthorization2.addPermission(Permissions.ALL);
        this.authorizationService.saveAuthorization(createNewAuthorization2);
    }

    public void testAuthorizationQueryAuthorizations() {
        this.identityService.setAuthenticatedUserId(jonny2);
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(0);
        createNewAuthorization.setResource(Resources.AUTHORIZATION);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        assertEquals(1L, this.authorizationService.createAuthorizationQuery().count());
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        assertEquals(0L, this.authorizationService.createAuthorizationQuery().count());
    }

    public void testSaveAuthorizationAddPermissionWithInvalidResource() throws Exception {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
        createNewAuthorization.setResource(Resources.APPLICATION);
        createNewAuthorization.setResourceId("*");
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization);
            fail("expected exception");
        } catch (BadUserRequestException e) {
            assertTrue(e.getMessage().contains("The resource type with id:'0' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission."));
        }
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId("userId");
        createNewAuthorization2.addPermission(Permissions.ACCESS);
        createNewAuthorization2.setResource(Resources.BATCH);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization2);
            fail("expected exception");
        } catch (BadUserRequestException e2) {
            assertTrue(e2.getMessage().contains("The resource type with id:'13' is not valid for 'ACCESS' permission."));
        }
    }

    public void testSaveAuthorizationMultipleResourcesIncludingInvalidResource() throws Exception {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.addPermission(Permissions.READ_HISTORY);
        createNewAuthorization.addPermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
        createNewAuthorization.setResource(Resources.PROCESS_DEFINITION);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization);
            fail("expected exception");
        } catch (BadUserRequestException e) {
            assertTrue(e.getMessage().contains("The resource type with id:'6' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission."));
        }
    }

    public void testSaveAuthorizationRemovePermissionWithInvalidResource() throws Exception {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.removePermission(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES);
        createNewAuthorization.setResource(Resources.PROCESS_DEFINITION);
        createNewAuthorization.setResourceId("*");
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization);
            fail("expected exception");
        } catch (BadUserRequestException e) {
            assertTrue(e.getMessage().contains("The resource type with id:'6' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission."));
        }
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(2);
        createNewAuthorization2.setUserId("userId");
        createNewAuthorization2.addPermission(Permissions.ACCESS);
        createNewAuthorization2.setResource(Resources.PROCESS_DEFINITION);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization2);
            fail("expected exception");
        } catch (BadUserRequestException e2) {
            assertTrue(e2.getMessage().contains("The resource type with id:'6' is not valid for 'ACCESS' permission."));
        }
    }

    public void testSaveAuthorizationSetPermissionsWithInvalidResource() throws Exception {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.setPermissions(new BatchPermissions[]{BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES});
        createNewAuthorization.setResource(Resources.PROCESS_INSTANCE);
        createNewAuthorization.setResourceId("*");
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization);
            fail("expected exception");
        } catch (BadUserRequestException e) {
            assertTrue(e.getMessage().contains("The resource type with id:'8' is not valid for 'CREATE_BATCH_MIGRATE_PROCESS_INSTANCES' permission."));
        }
        Authorization createNewAuthorization2 = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization2.setUserId("userId");
        createNewAuthorization2.setPermissions(new Permissions[]{Permissions.CREATE, Permissions.ACCESS});
        createNewAuthorization2.setResource(Resources.PROCESS_INSTANCE);
        try {
            this.authorizationService.saveAuthorization(createNewAuthorization2);
            fail("expected exception");
        } catch (BadUserRequestException e2) {
            assertTrue(e2.getMessage().contains("The resource type with id:'8' is not valid for 'ACCESS' permission."));
        }
    }

    public void testSaveAuthorizationSetPermissionsWithValidResource() throws Exception {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.addPermission(Permissions.ACCESS);
        createNewAuthorization.setPermissions(new BatchPermissions[]{BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES});
        createNewAuthorization.setResource(Resources.BATCH);
        createNewAuthorization.setResourceId("*");
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        this.authorizationService.saveAuthorization(createNewAuthorization);
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().resourceType(Resources.BATCH).singleResult();
        assertNotNull(authorization);
        assertTrue(authorization.isPermissionGranted(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES));
        assertTrue(authorization.isPermissionGranted(BatchPermissions.CREATE_BATCH_DELETE_DECISION_INSTANCES));
    }

    public void testIsUserAuthorizedWithInvalidResource() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.addPermission(Permissions.ACCESS);
        createNewAuthorization.setResource(Resources.APPLICATION);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        assertEquals(true, this.authorizationService.isUserAuthorized("userId", (List) null, Permissions.ACCESS, Resources.APPLICATION));
        assertEquals(false, this.authorizationService.isUserAuthorized("userId", (List) null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.BATCH));
        assertEquals(false, this.authorizationService.isUserAuthorized("userId", (List) null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_DEFINITION));
        assertEquals(false, this.authorizationService.isUserAuthorized("userId", (List) null, ProcessInstancePermissions.RETRY_JOB, Resources.PROCESS_INSTANCE));
        try {
            this.authorizationService.isUserAuthorized("userId", (List) null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.APPLICATION);
            fail("expected exception");
        } catch (BadUserRequestException e) {
            assertTrue(e.getMessage().contains("The resource type 'Application' is not valid"));
            assertTrue(e.getMessage().contains(BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES.getName()));
        }
        try {
            this.authorizationService.isUserAuthorized("userId", (List) null, ProcessDefinitionPermissions.RETRY_JOB, Resources.APPLICATION);
            fail("expected exception");
        } catch (BadUserRequestException e2) {
            assertTrue(e2.getMessage().contains("The resource type 'Application' is not valid"));
            assertTrue(e2.getMessage().contains(ProcessDefinitionPermissions.RETRY_JOB.getName()));
        }
        try {
            this.authorizationService.isUserAuthorized("userId", (List) null, ProcessInstancePermissions.RETRY_JOB, Resources.APPLICATION);
            fail("expected exception");
        } catch (BadUserRequestException e3) {
            assertTrue(e3.getMessage().contains("The resource type 'Application' is not valid"));
            assertTrue(e3.getMessage().contains(ProcessInstancePermissions.RETRY_JOB.getName()));
        }
    }

    public void testIsUserAuthorizedWithInvalidResourceMultiplePermissions() {
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.addPermission(ProcessInstancePermissions.READ);
        createNewAuthorization.addPermission(ProcessInstancePermissions.RETRY_JOB);
        createNewAuthorization.setResource(Resources.PROCESS_INSTANCE);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        assertEquals(true, this.authorizationService.isUserAuthorized("userId", (List) null, Permissions.READ, Resources.PROCESS_INSTANCE));
        assertEquals(true, this.authorizationService.isUserAuthorized("userId", (List) null, ProcessInstancePermissions.RETRY_JOB, Resources.PROCESS_INSTANCE));
        assertEquals(false, this.authorizationService.isUserAuthorized("userId", (List) null, BatchPermissions.CREATE_BATCH_MIGRATE_PROCESS_INSTANCES, Resources.BATCH));
        assertEquals(false, this.authorizationService.isUserAuthorized("userId", (List) null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_DEFINITION));
        assertEquals(false, this.authorizationService.isUserAuthorized("userId", (List) null, Permissions.ACCESS, Resources.APPLICATION));
        try {
            this.authorizationService.isUserAuthorized("userId", (List) null, ProcessDefinitionPermissions.RETRY_JOB, Resources.PROCESS_INSTANCE);
            fail("expected exception");
        } catch (BadUserRequestException e) {
            assertTrue(e.getMessage().contains("The resource type 'ProcessInstance' is not valid"));
            assertTrue(e.getMessage().contains(ProcessDefinitionPermissions.RETRY_JOB.getName()));
        }
    }

    public void testIsUserAuthorizedWithValidResourceImpl() {
        ResourceImpl resourceImpl = new ResourceImpl("application", 0);
        Authorization createNewAuthorization = this.authorizationService.createNewAuthorization(1);
        createNewAuthorization.setUserId("userId");
        createNewAuthorization.addPermission(Permissions.ACCESS);
        createNewAuthorization.setResource(Resources.APPLICATION);
        createNewAuthorization.setResourceId("*");
        this.authorizationService.saveAuthorization(createNewAuthorization);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
        assertEquals(true, this.authorizationService.isUserAuthorized("userId", (List) null, Permissions.ACCESS, resourceImpl));
    }

    protected void cleanupAfterTest() {
        Iterator it = this.authorizationService.createAuthorizationQuery().list().iterator();
        while (it.hasNext()) {
            this.authorizationService.deleteAuthorization(((Authorization) it.next()).getId());
        }
    }
}
