package org.camunda.bpm.engine.test.api.authorization;

import java.util.List;
import java.util.Set;
import org.camunda.bpm.application.ProcessApplicationReference;
import org.camunda.bpm.application.impl.EmbeddedProcessApplication;
import org.camunda.bpm.engine.AuthorizationException;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.AuthorizationQuery;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.query.Query;
import org.camunda.bpm.engine.repository.Deployment;
import org.camunda.bpm.engine.repository.DeploymentQuery;
import org.camunda.bpm.engine.repository.Resource;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/DeploymentAuthorizationTest.class */
public class DeploymentAuthorizationTest extends AuthorizationTest {
    protected static final String FIRST_RESOURCE = "org/camunda/bpm/engine/test/api/oneTaskProcess.bpmn20.xml";
    protected static final String SECOND_RESOURCE = "org/camunda/bpm/engine/test/api/authorization/messageBoundaryEventProcess.bpmn20.xml";

    public void testSimpleDeploymentQueryWithoutAuthorization() {
        String createDeployment = createDeployment(null);
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 0);
        deleteDeployment(createDeployment);
    }

    public void testSimpleDeploymentQueryWithReadPermissionOnDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.READ);
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 1);
        deleteDeployment(createDeployment);
    }

    public void testSimpleDeploymentQueryWithReadPermissionOnAnyDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.READ);
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 1);
        deleteDeployment(createDeployment);
    }

    public void testDeploymentQueryWithoutAuthorization() {
        String createDeployment = createDeployment("first");
        String createDeployment2 = createDeployment("second");
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 0);
        deleteDeployment(createDeployment);
        deleteDeployment(createDeployment2);
    }

    public void testDeploymentQueryWithReadPermissionOnDeployment() {
        String createDeployment = createDeployment("first");
        String createDeployment2 = createDeployment("second");
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.READ);
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 1);
        deleteDeployment(createDeployment);
        deleteDeployment(createDeployment2);
    }

    public void testDeploymentQueryWithReadPermissionOnAnyDeployment() {
        String createDeployment = createDeployment("first");
        String createDeployment2 = createDeployment("second");
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.READ);
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 2);
        deleteDeployment(createDeployment);
        deleteDeployment(createDeployment2);
    }

    public void testCreateDeploymentWithoutAuthoriatzion() {
        try {
            this.repositoryService.createDeployment().addClasspathResource(FIRST_RESOURCE).deploy();
            fail("Exception expected: It should not be possible to create a new deployment");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            assertTextPresent(this.userId, message);
            assertTextPresent(Permissions.CREATE.getName(), message);
            assertTextPresent(Resources.DEPLOYMENT.resourceName(), message);
        }
    }

    public void testCreateDeployment() {
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.CREATE);
        Deployment deploy = this.repositoryService.createDeployment().addClasspathResource(FIRST_RESOURCE).deploy();
        disableAuthorization();
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 1);
        enableAuthorization();
        deleteDeployment(deploy.getId());
    }

    public void testDeleteDeploymentWithoutAuthorization() {
        String createDeployment = createDeployment(null);
        try {
            this.repositoryService.deleteDeployment(createDeployment);
            fail("Exception expected: it should not be possible to delete a deployment");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            assertTextPresent(this.userId, message);
            assertTextPresent(Permissions.DELETE.getName(), message);
            assertTextPresent(Resources.DEPLOYMENT.resourceName(), message);
        }
        deleteDeployment(createDeployment);
    }

    public void testDeleteDeploymentWithDeletePermissionOnDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.DELETE);
        this.repositoryService.deleteDeployment(createDeployment);
        disableAuthorization();
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 0);
        enableAuthorization();
        deleteDeployment(createDeployment);
    }

    public void testDeleteDeploymentWithDeletePermissionOnAnyDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.DELETE);
        this.repositoryService.deleteDeployment(createDeployment);
        disableAuthorization();
        verifyQueryResults(this.repositoryService.createDeploymentQuery(), 0);
        enableAuthorization();
        deleteDeployment(createDeployment);
    }

    public void testGetDeploymentResourceNamesWithoutAuthorization() {
        String createDeployment = createDeployment(null);
        try {
            this.repositoryService.getDeploymentResourceNames(createDeployment);
            fail("Exception expected: it should not be possible to retrieve deployment resource names");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            assertTextPresent(this.userId, message);
            assertTextPresent(Permissions.READ.getName(), message);
            assertTextPresent(Resources.DEPLOYMENT.resourceName(), message);
        }
        deleteDeployment(createDeployment);
    }

    public void testGetDeploymentResourceNamesWithReadPermissionOnDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.READ);
        List deploymentResourceNames = this.repositoryService.getDeploymentResourceNames(createDeployment);
        assertFalse(deploymentResourceNames.isEmpty());
        assertEquals(2, deploymentResourceNames.size());
        assertTrue(deploymentResourceNames.contains(FIRST_RESOURCE));
        assertTrue(deploymentResourceNames.contains(SECOND_RESOURCE));
        deleteDeployment(createDeployment);
    }

    public void testGetDeploymentResourceNamesWithReadPermissionOnAnyDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.READ);
        List deploymentResourceNames = this.repositoryService.getDeploymentResourceNames(createDeployment);
        assertFalse(deploymentResourceNames.isEmpty());
        assertEquals(2, deploymentResourceNames.size());
        assertTrue(deploymentResourceNames.contains(FIRST_RESOURCE));
        assertTrue(deploymentResourceNames.contains(SECOND_RESOURCE));
        deleteDeployment(createDeployment);
    }

    public void testGetDeploymentResourcesWithoutAuthorization() {
        String createDeployment = createDeployment(null);
        try {
            this.repositoryService.getDeploymentResources(createDeployment);
            fail("Exception expected: it should not be possible to retrieve deployment resources");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            assertTextPresent(this.userId, message);
            assertTextPresent(Permissions.READ.getName(), message);
            assertTextPresent(Resources.DEPLOYMENT.resourceName(), message);
        }
        deleteDeployment(createDeployment);
    }

    public void testGetDeploymentResourcesWithReadPermissionOnDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.READ);
        List deploymentResources = this.repositoryService.getDeploymentResources(createDeployment);
        assertFalse(deploymentResources.isEmpty());
        assertEquals(2, deploymentResources.size());
        deleteDeployment(createDeployment);
    }

    public void testGetDeploymentResourcesWithReadPermissionOnAnyDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.READ);
        List deploymentResources = this.repositoryService.getDeploymentResources(createDeployment);
        assertFalse(deploymentResources.isEmpty());
        assertEquals(2, deploymentResources.size());
        deleteDeployment(createDeployment);
    }

    public void testGetResourceAsStreamWithoutAuthorization() {
        String createDeployment = createDeployment(null);
        try {
            this.repositoryService.getResourceAsStream(createDeployment, FIRST_RESOURCE);
            fail("Exception expected: it should not be possible to retrieve a resource as stream");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            assertTextPresent(this.userId, message);
            assertTextPresent(Permissions.READ.getName(), message);
            assertTextPresent(Resources.DEPLOYMENT.resourceName(), message);
        }
        deleteDeployment(createDeployment);
    }

    public void testGetResourceAsStreamWithReadPermissionOnDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.READ);
        assertNotNull(this.repositoryService.getResourceAsStream(createDeployment, FIRST_RESOURCE));
        deleteDeployment(createDeployment);
    }

    public void testGetResourceAsStreamWithReadPermissionOnAnyDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.READ);
        assertNotNull(this.repositoryService.getResourceAsStream(createDeployment, FIRST_RESOURCE));
        deleteDeployment(createDeployment);
    }

    public void testGetResourceAsStreamByIdWithoutAuthorization() {
        String createDeployment = createDeployment(null);
        disableAuthorization();
        List deploymentResources = this.repositoryService.getDeploymentResources(createDeployment);
        enableAuthorization();
        try {
            this.repositoryService.getResourceAsStreamById(createDeployment, ((Resource) deploymentResources.get(0)).getId());
            fail("Exception expected: it should not be possible to retrieve a resource as stream");
        } catch (AuthorizationException e) {
            String message = e.getMessage();
            assertTextPresent(this.userId, message);
            assertTextPresent(Permissions.READ.getName(), message);
            assertTextPresent(Resources.DEPLOYMENT.resourceName(), message);
        }
        deleteDeployment(createDeployment);
    }

    public void testGetResourceAsStreamByIdWithReadPermissionOnDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, createDeployment, this.userId, Permissions.READ);
        disableAuthorization();
        List deploymentResources = this.repositoryService.getDeploymentResources(createDeployment);
        enableAuthorization();
        assertNotNull(this.repositoryService.getResourceAsStreamById(createDeployment, ((Resource) deploymentResources.get(0)).getId()));
        deleteDeployment(createDeployment);
    }

    public void testGetResourceAsStreamByIdWithReadPermissionOnAnyDeployment() {
        String createDeployment = createDeployment(null);
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.READ);
        disableAuthorization();
        List deploymentResources = this.repositoryService.getDeploymentResources(createDeployment);
        enableAuthorization();
        assertNotNull(this.repositoryService.getResourceAsStreamById(createDeployment, ((Resource) deploymentResources.get(0)).getId()));
        deleteDeployment(createDeployment);
    }

    public void testCreateAuthorizationOnDeploy() {
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.CREATE);
        Deployment deploy = this.repositoryService.createDeployment().addClasspathResource(FIRST_RESOURCE).deploy();
        Authorization authorization = (Authorization) this.authorizationService.createAuthorizationQuery().userIdIn(new String[]{this.userId}).resourceId(deploy.getId()).singleResult();
        assertNotNull(authorization);
        assertTrue(authorization.isPermissionGranted(Permissions.READ));
        assertTrue(authorization.isPermissionGranted(Permissions.DELETE));
        assertFalse(authorization.isPermissionGranted(Permissions.UPDATE));
        deleteDeployment(deploy.getId());
    }

    public void testClearAuthorizationOnDeleteDeployment() {
        createGrantAuthorization(Resources.DEPLOYMENT, "*", this.userId, Permissions.CREATE);
        String id = this.repositoryService.createDeployment().addClasspathResource(FIRST_RESOURCE).deploy().getId();
        AuthorizationQuery resourceId = this.authorizationService.createAuthorizationQuery().userIdIn(new String[]{this.userId}).resourceId(id);
        assertNotNull((Authorization) resourceId.singleResult());
        this.repositoryService.deleteDeployment(id);
        assertNull((Authorization) resourceId.singleResult());
        deleteDeployment(id);
    }

    public void testRegisterProcessApplicationWithoutAuthorization() {
        ProcessApplicationReference reference = new EmbeddedProcessApplication().getReference();
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        try {
            this.managementService.registerProcessApplication(id, reference);
            fail("Exception expected: It should not be possible to register a process application");
        } catch (AuthorizationException e) {
            assertTextPresent("ENGINE-03029 The user with id 'test' is not a member of the group with id 'camunda-admin'", e.getMessage());
        }
        deleteDeployment(id);
    }

    public void testRegisterProcessApplicationAsCamundaAdmin() {
        createGroup("camunda-admin");
        createMembership(this.userId, "camunda-admin");
        ProcessApplicationReference reference = new EmbeddedProcessApplication().getReference();
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        assertNotNull(this.managementService.registerProcessApplication(id, reference));
        assertNotNull(getProcessApplicationForDeployment(id));
        deleteDeployment(id);
    }

    public void testUnregisterProcessApplicationWithoutAuthorization() {
        EmbeddedProcessApplication embeddedProcessApplication = new EmbeddedProcessApplication();
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        registerProcessApplication(id, embeddedProcessApplication.getReference());
        try {
            this.managementService.unregisterProcessApplication(id, true);
            fail("Exception expected: It should not be possible to unregister a process application");
        } catch (AuthorizationException e) {
            assertTextPresent("ENGINE-03029 The user with id 'test' is not a member of the group with id 'camunda-admin'", e.getMessage());
        }
        deleteDeployment(id);
    }

    public void testUnregisterProcessApplicationAsCamundaAdmin() {
        createGroup("camunda-admin");
        createMembership(this.userId, "camunda-admin");
        EmbeddedProcessApplication embeddedProcessApplication = new EmbeddedProcessApplication();
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        registerProcessApplication(id, embeddedProcessApplication.getReference());
        this.managementService.unregisterProcessApplication(id, true);
        assertNull(getProcessApplicationForDeployment(id));
        deleteDeployment(id);
    }

    public void testGetProcessApplicationForDeploymentWithoutAuthorization() {
        EmbeddedProcessApplication embeddedProcessApplication = new EmbeddedProcessApplication();
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        registerProcessApplication(id, embeddedProcessApplication.getReference());
        try {
            this.managementService.getProcessApplicationForDeployment(id);
            fail("Exception expected: It should not be possible to get the process application");
        } catch (AuthorizationException e) {
            assertTextPresent("ENGINE-03029 The user with id 'test' is not a member of the group with id 'camunda-admin'", e.getMessage());
        }
        deleteDeployment(id);
    }

    public void testGetProcessApplicationForDeploymentAsCamundaAdmin() {
        createGroup("camunda-admin");
        createMembership(this.userId, "camunda-admin");
        EmbeddedProcessApplication embeddedProcessApplication = new EmbeddedProcessApplication();
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        registerProcessApplication(id, embeddedProcessApplication.getReference());
        assertNotNull(this.managementService.getProcessApplicationForDeployment(id));
        deleteDeployment(id);
    }

    public void testGetRegisteredDeploymentsWithoutAuthorization() {
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        try {
            this.managementService.getRegisteredDeployments();
            fail("Exception expected: It should not be possible to get the registered deployments");
        } catch (AuthorizationException e) {
            assertTextPresent("ENGINE-03029 The user with id 'test' is not a member of the group with id 'camunda-admin'", e.getMessage());
        }
        deleteDeployment(id);
    }

    public void testGetRegisteredDeploymentsAsCamundaAdmin() {
        createGroup("camunda-admin");
        createMembership(this.userId, "camunda-admin");
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        assertTrue(this.managementService.getRegisteredDeployments().contains(id));
        deleteDeployment(id);
    }

    public void testRegisterDeploymentForJobExecutorWithoutAuthorization() {
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        try {
            this.managementService.registerDeploymentForJobExecutor(id);
            fail("Exception expected: It should not be possible to register the deployment");
        } catch (AuthorizationException e) {
            assertTextPresent("ENGINE-03029 The user with id 'test' is not a member of the group with id 'camunda-admin'", e.getMessage());
        }
        deleteDeployment(id);
    }

    public void testRegisterDeploymentForJobExecutorAsCamundaAdmin() {
        createGroup("camunda-admin");
        createMembership(this.userId, "camunda-admin");
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        this.managementService.registerDeploymentForJobExecutor(id);
        assertTrue(getRegisteredDeployments().contains(id));
        deleteDeployment(id);
    }

    public void testUnregisterDeploymentForJobExecutorWithoutAuthorization() {
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        try {
            this.managementService.unregisterDeploymentForJobExecutor(id);
            fail("Exception expected: It should not be possible to unregister the deployment");
        } catch (AuthorizationException e) {
            assertTextPresent("ENGINE-03029 The user with id 'test' is not a member of the group with id 'camunda-admin'", e.getMessage());
        }
        deleteDeployment(id);
    }

    public void testUnregisterDeploymentForJobExecutorAsCamundaAdmin() {
        createGroup("camunda-admin");
        createMembership(this.userId, "camunda-admin");
        String id = createDeployment(null, FIRST_RESOURCE).getId();
        this.managementService.unregisterDeploymentForJobExecutor(id);
        assertFalse(getRegisteredDeployments().contains(id));
        deleteDeployment(id);
    }

    protected void verifyQueryResults(DeploymentQuery deploymentQuery, int i) {
        verifyQueryResults((Query<?, ?>) deploymentQuery, i);
    }

    protected String createDeployment(String str) {
        return createDeployment(str, FIRST_RESOURCE, SECOND_RESOURCE).getId();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    public Group createGroup(String str) {
        disableAuthorization();
        Group createGroup = super.createGroup(str);
        enableAuthorization();
        return createGroup;
    }

    protected void createMembership(String str, String str2) {
        disableAuthorization();
        this.identityService.createMembership(str, str2);
        enableAuthorization();
    }

    protected void registerProcessApplication(String str, ProcessApplicationReference processApplicationReference) {
        disableAuthorization();
        this.managementService.registerProcessApplication(str, processApplicationReference);
        enableAuthorization();
    }

    protected String getProcessApplicationForDeployment(String str) {
        disableAuthorization();
        String processApplicationForDeployment = this.managementService.getProcessApplicationForDeployment(str);
        enableAuthorization();
        return processApplicationForDeployment;
    }

    protected Set<String> getRegisteredDeployments() {
        disableAuthorization();
        Set<String> registeredDeployments = this.managementService.getRegisteredDeployments();
        enableAuthorization();
        return registeredDeployments;
    }
}
