package com.linkedin.venice.acl;

import com.linkedin.venice.acl.handler.StoreAclHandler;
import com.linkedin.venice.exceptions.VeniceNoStoreException;
import com.linkedin.venice.helix.HelixReadOnlyStoreRepository;
import com.linkedin.venice.meta.Store;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.ssl.SslHandler;
import java.net.SocketAddress;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.mockito.ArgumentMatcher;
import org.mockito.Mockito;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:com/linkedin/venice/acl/StoreAclHandlerTest.class */
public class StoreAclHandlerTest {
    private DynamicAccessController accessController;
    private HelixReadOnlyStoreRepository metadataRepo;
    private ChannelHandlerContext ctx;
    private Channel channel;
    private HttpRequest req;
    private StoreAclHandler aclHandler;
    private Store store;
    private boolean[] hasAccess = {false};
    private boolean[] hasAcl = {false};
    private boolean[] hasStore = {false};
    private boolean[] isSystemStore = {false};
    private boolean[] isFailOpen = {false};
    private boolean[] isMetadata = {false};

    /* loaded from: input_file:com/linkedin/venice/acl/StoreAclHandlerTest$ContextMatcher.class */
    public static class ContextMatcher implements ArgumentMatcher<FullHttpResponse> {
        private HttpResponseStatus status;

        public ContextMatcher(HttpResponseStatus httpResponseStatus) {
            this.status = httpResponseStatus;
        }

        public boolean matches(FullHttpResponse fullHttpResponse) {
            return fullHttpResponse.status().equals(this.status);
        }
    }

    @BeforeMethod
    public void setUp() throws Exception {
        this.accessController = (DynamicAccessController) Mockito.mock(DynamicAccessController.class);
        this.ctx = (ChannelHandlerContext) Mockito.mock(ChannelHandlerContext.class);
        this.req = (HttpRequest) Mockito.mock(HttpRequest.class);
        this.store = (Store) Mockito.mock(Store.class);
        Mockito.when(this.accessController.init((List) Mockito.any())).thenReturn(this.accessController);
        ChannelPipeline channelPipeline = (ChannelPipeline) Mockito.mock(ChannelPipeline.class);
        Mockito.when(this.ctx.pipeline()).thenReturn(channelPipeline);
        SslHandler sslHandler = (SslHandler) Mockito.mock(SslHandler.class);
        Mockito.when(channelPipeline.get(SslHandler.class)).thenReturn(sslHandler);
        SSLEngine sSLEngine = (SSLEngine) Mockito.mock(SSLEngine.class);
        Mockito.when(sslHandler.engine()).thenReturn(sSLEngine);
        SSLSession sSLSession = (SSLSession) Mockito.mock(SSLSession.class);
        Mockito.when(sSLEngine.getSession()).thenReturn(sSLSession);
        Mockito.when(sSLSession.getPeerCertificates()).thenReturn(new Certificate[]{(X509Certificate) Mockito.mock(X509Certificate.class)});
        this.channel = (Channel) Mockito.mock(Channel.class);
        Mockito.when(this.ctx.channel()).thenReturn(this.channel);
        Mockito.when(this.channel.remoteAddress()).thenReturn((SocketAddress) Mockito.mock(SocketAddress.class));
        Mockito.when(this.req.method()).thenReturn(HttpMethod.GET);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [boolean[], boolean[][]] */
    @Test
    public void accessGranted() throws Exception {
        this.hasAccess[0] = true;
        enumerate(new boolean[]{this.hasAcl, this.hasStore, this.isSystemStore, this.isFailOpen, this.isMetadata});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.FORBIDDEN)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.UNAUTHORIZED)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(8))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.BAD_REQUEST)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(24))).fireChannelRead(this.req);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [boolean[], boolean[][]] */
    @Test
    public void accessDenied() throws Exception {
        this.hasAccess[0] = false;
        enumerate(new boolean[]{this.hasAcl, this.hasStore, this.isSystemStore, this.isFailOpen, this.isMetadata});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(8))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.BAD_REQUEST)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(20))).fireChannelRead(this.req);
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(1))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.UNAUTHORIZED)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(3))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.FORBIDDEN)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [boolean[], boolean[][]] */
    @Test
    public void storeExists() throws Exception {
        this.hasStore[0] = true;
        enumerate(new boolean[]{this.hasAccess, this.hasAcl, this.isFailOpen, this.isSystemStore, this.isMetadata});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.BAD_REQUEST)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(28))).fireChannelRead(this.req);
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(1))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.UNAUTHORIZED)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(3))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.FORBIDDEN)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [boolean[], boolean[][]] */
    @Test
    public void storeMissing() throws Exception {
        this.hasStore[0] = false;
        enumerate(new boolean[]{this.hasAccess, this.hasAcl, this.isFailOpen, this.isSystemStore, this.isMetadata});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(16))).fireChannelRead(this.req);
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.FORBIDDEN)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.UNAUTHORIZED)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(16))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.BAD_REQUEST)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v3, types: [boolean[], boolean[][]] */
    @Test
    public void aclDisabledForSystemStore() throws Exception {
        this.isSystemStore[0] = true;
        this.hasStore[0] = true;
        enumerate(new boolean[]{this.hasAccess, this.hasAcl, this.isFailOpen, this.isMetadata});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.any());
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(16))).fireChannelRead(this.req);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [boolean[], boolean[][]] */
    @Test
    public void aclDisabledForMetadataEndpoint() throws Exception {
        this.isMetadata[0] = true;
        enumerate(new boolean[]{this.hasAccess, this.hasAcl, this.isSystemStore, this.isFailOpen});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.never())).writeAndFlush(Mockito.any());
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(16))).fireChannelRead(this.req);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [boolean[], boolean[][]] */
    @Test
    public void aclMissing() throws Exception {
        enumerate(new boolean[]{this.hasStore, this.hasAcl, this.hasAccess, this.isSystemStore, this.isFailOpen, this.isMetadata});
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(1))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.UNAUTHORIZED)));
        ((ChannelHandlerContext) Mockito.verify(this.ctx, Mockito.times(3))).writeAndFlush(Mockito.argThat(new ContextMatcher(HttpResponseStatus.FORBIDDEN)));
    }

    private void update() throws Exception {
        Mockito.when(Boolean.valueOf(this.accessController.hasAccess((X509Certificate) Mockito.any(), (String) Mockito.any(), (String) Mockito.any()))).thenReturn(Boolean.valueOf(this.hasAccess[0]));
        Mockito.when(Boolean.valueOf(this.accessController.hasAcl((String) Mockito.any()))).thenReturn(Boolean.valueOf(this.hasAcl[0]));
        Mockito.when(Boolean.valueOf(this.accessController.isFailOpen())).thenReturn(Boolean.valueOf(this.isFailOpen[0]));
        Mockito.when(Boolean.valueOf(this.metadataRepo.hasStore((String) Mockito.any()))).thenReturn(Boolean.valueOf(this.hasStore[0]));
        if (this.hasStore[0]) {
            Mockito.when(this.metadataRepo.getStoreOrThrow((String) Mockito.any())).thenReturn(this.store);
        } else {
            Mockito.when(this.metadataRepo.getStoreOrThrow((String) Mockito.any())).thenThrow(new Throwable[]{new VeniceNoStoreException("storename")});
        }
        Mockito.when(Boolean.valueOf(this.store.isSystemStore())).thenReturn(Boolean.valueOf(this.isSystemStore[0]));
        if (this.isMetadata[0]) {
            Mockito.when(this.req.uri()).thenReturn("/metadata/storename/random");
        } else {
            Mockito.when(this.req.uri()).thenReturn("/random/storename/random");
        }
    }

    private void enumerate(boolean[]... zArr) throws Exception {
        int length = zArr.length;
        for (int i = 0; i < Math.pow(2.0d, length); i++) {
            for (int i2 = 0; i2 < length; i2++) {
                zArr[i2][0] = ((i >> i2) & 1) == 1;
            }
            this.metadataRepo = (HelixReadOnlyStoreRepository) Mockito.mock(HelixReadOnlyStoreRepository.class);
            this.aclHandler = (StoreAclHandler) Mockito.spy(new StoreAclHandler(this.accessController, this.metadataRepo));
            update();
            this.aclHandler.channelRead0(this.ctx, this.req);
        }
    }
}
