package org.apache.brooklyn.core.mgmt.entitlement;

import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.net.URI;
import org.apache.brooklyn.api.entity.Application;
import org.apache.brooklyn.api.entity.EntitySpec;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.core.entity.Entities;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.core.mgmt.entitlement.Entitlements;
import org.apache.brooklyn.core.test.entity.LocalManagementContextForTests;
import org.apache.brooklyn.entity.stock.BasicApplication;
import org.apache.brooklyn.util.core.config.ConfigBag;
import org.apache.brooklyn.util.exceptions.Exceptions;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/brooklyn/core/mgmt/entitlement/AcmeEntitlementManagerTestFixture.class */
public abstract class AcmeEntitlementManagerTestFixture {
    protected ManagementContext mgmt;
    protected Application app;
    protected ConfigBag configBag;

    public void setup(ConfigBag configBag) {
        this.mgmt = new LocalManagementContextForTests(BrooklynProperties.Factory.newEmpty().addFrom(configBag));
        this.app = this.mgmt.getEntityManager().createEntity(EntitySpec.create(BasicApplication.class));
    }

    @BeforeMethod(alwaysRun = true)
    public void init() throws IOException {
        Entitlements.clearEntitlementContext();
        this.configBag = ConfigBag.newInstance();
        addGlobalConfig();
    }

    protected abstract void addGlobalConfig() throws IOException;

    @AfterMethod(alwaysRun = true)
    public void tearDown() {
        Entitlements.clearEntitlementContext();
        if (this.app != null) {
            Entities.destroyAll(this.app.getManagementContext());
        }
        if (this.mgmt != null) {
            Entities.destroyAll(this.mgmt);
        }
        this.app = null;
        this.mgmt = null;
    }

    @Test
    public void testMetricsHasMinimalPermissions() {
        checkUserHasMinimalPermissions("metrics");
    }

    public void checkUserHasMinimalPermissions(String str) {
        setup(this.configBag);
        Entitlements.setEntitlementContext(new WebEntitlementContext(str, "127.0.0.1", URI.create("/applications").toString(), "H"));
        Assert.assertFalse(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.ROOT, (Object) null));
        Assert.assertFalse(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, this.app));
        Assert.assertFalse(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(this.app, Entitlements.StringAndArgument.of("any-eff", (Object) null))));
        Assert.assertFalse(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(this.app, "any-sensor")));
        confirmEffectorEntitlement(false);
    }

    @Test
    public void testSupportHasReadOnlyPermissions() {
        checkUserHasReadOnlyPermissions("support");
    }

    public void checkUserHasReadOnlyPermissions(String str) {
        setup(this.configBag);
        Entitlements.setEntitlementContext(new WebEntitlementContext(str, "127.0.0.1", URI.create("/X").toString(), "B"));
        Assert.assertFalse(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.ROOT, (Object) null));
        Assert.assertTrue(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, this.app));
        Assert.assertFalse(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(this.app, Entitlements.StringAndArgument.of("any-eff", (Object) null))));
        Assert.assertTrue(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(this.app, "any-sensor")));
        confirmEffectorEntitlement(false);
    }

    @Test
    public void testAdminHasAllPermissions() {
        checkUserHasAllPermissions("admin");
    }

    public void checkUserHasAllPermissions(String str) {
        setup(this.configBag);
        Entitlements.setEntitlementContext(new WebEntitlementContext(str, "127.0.0.1", URI.create("/X").toString(), "A"));
        Assert.assertTrue(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.ROOT, (Object) null));
        Assert.assertTrue(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, this.app));
        Assert.assertTrue(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(this.app, Entitlements.StringAndArgument.of("any-eff", (Object) null))));
        Assert.assertTrue(Entitlements.isEntitled(this.mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(this.app, "any-sensor")));
        confirmEffectorEntitlement(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void confirmEffectorEntitlement(boolean z) {
        try {
            this.app.start(ImmutableList.of());
            checkNoException(z);
        } catch (Exception e) {
            checkNotEntitledException(z, e);
        }
    }

    private void checkNoException(boolean z) {
        checkNotEntitledException(z, null);
    }

    private void checkNotEntitledException(boolean z, Exception exc) {
        if (exc == null) {
            if (z) {
                return;
            } else {
                Assert.fail("entitlement should have been denied");
            }
        }
        if (((Exception) Exceptions.getFirstThrowableOfType(exc, NotEntitledException.class)) == null) {
            throw Exceptions.propagate(exc);
        }
        if (z) {
            Assert.fail("entitlement should have been granted, but was denied: " + exc);
        }
    }
}
